The following is an example of real-life SHA implementation.
For this real-world example, we will be implementing an SHA256 encoding scheme and generating a salt to make it even more secure by defeating precomputed hash tables. We will then run it through password-checking to ensure the password was typed correctly:
#!/usr/bin/python import uuid import hashlib # Let's do the hashing. We create a salt and append it to the password once hashes. def hash(password): salt = uuid.uuid4().hex return hashlib.sha512(salt.encode() + password.encode()).hexdigest() + ':' + salt # Let's confirm that worked as intended. def check(hashed, p2): password, salt = hashed.split(':') return password == hashlib.sha512(salt.encode() + p2.encode()).hexdigest() password = raw_input('Please enter a password: ') hashed = hash(password) print('The string to store in the db is: ' + hashed) re = raw_input('Please re-enter your password: ') # Let's ensure the passwords matched if check(hashed, re): print('Password Match') else: print('Password Mismatch')
To begin the script, we need to import the correct libraries:
import uuid import hashlib
We then need to define the function that will hash the password. We start by creating a salt, using the uuid
library. Once the salt has been generated, we use hashlib.sha256
to string together the salt encode and the password encode and make it readable by using hexdigest
and finally appending the salt to the end of it:
def hash(password): salt = uuid.uuid4().hex return hashlib.sha512(salt.encode() + password.encode()).hexdigest() + ':' + salt
Next, we move onto the check password function. This is what is going to confirm our original password is the same as the second one to ensure there were no mistakes. This is done by using the same method as before:
def check(hashed, p2): password, salt = hashed.split(':') return password == hashlib.sha512(salt.encode() + p2.encode()).hexdigest()
Once we have created the blocks of code that we need, we can then start asking the user for the required input. We start off by asking for the original password and using the hash_password
function to create the hash. This then gets printed out to the user. After the first password has been done, we ask for the password again to ensure there has been no spelling mistakes. The check_password
function then hashes the password again and compares the original to the new one. If they match, the user is informed that the password is correct; if not, the user is informed that the passwords do not match:
password = raw_input('Please enter a password: ') hashed = hash(password) print('The string to store in the db is: ' + hashed) re = raw_input('Please re-enter your password: ') if check(hashed, re): print('Password Match') else: print('Password Mismatch')
Here is an example of the code in use:
Please enter a password: password The string to store in the db is: a8be1e0e023e2c9c1e96187c4b966222ccf1b7d34718ad60f8f000094d39 d8dd3eeb837af135bfe50c7baea785ec735ed04f230ffdbe2ed3def1a240c 97ca127:d891b46fc8394eda85ccf85d67969e82 Please re-enter your password: password Password Match
The preceding result is an example of a user enter the same password twice. Here is an example of the user failing to enter the same password:
Please enter a password: password1 The string to store in the db is: 418bba0beeaef52ce523dafa9b19baa449562cf034ebd1e4fea8c007dd49cb 1004e10b837f13d59b13236c54668e44c9d0d8dbd03e32cd8afad6eff04541 ed07:1d9cd2d9de5c46068b5c2d657ae45849 Please re-enter your password: password Password Mismatch