Introduction
- Today's exercise is fairly easy. There were originally two questions, but the first one, on inspection, is almost the same as exercise 6 from earlier: read the data out of xls files, process it and sum it. Since that has already been done, it is skipped here, and today's main target is question 21.
- This question asks us to hash a password for storage. Because password handling comes up so often, the question itself is not hard; the main point is getting familiar with the hashlib and hmac libraries.
Topic analysis
- As background: when we register an account on a platform, the back end does not store the password itself but a hash digest of it, so that even someone who obtains the database cannot read users' plaintext passwords. Note what the digest does and does not protect: whoever holds the database can still try to recover passwords from the digests offline, and if a login form compared submitted digests instead of recomputing them, a stolen digest would be as good as the password. A correct login therefore takes the submitted plaintext, recomputes the digest with the same parameters and compares it with the stored one; the digest itself is only ever used for verification.
- Commonly used hash functions include sha256 and md5. What they have in common is that they are one-way: the plaintext cannot be derived directly from the hash. One-way does not mean unguessable, though: an attacker who can hash candidates quickly simply tries them, and md5 is both very fast and cryptographically broken. It appears in this exercise because the exercise uses it, not because it should be chosen for new systems.
- In Python the commonly used library for hashing is hashlib; for this exercise we can also consider the hmac library.
- What we use here is salted hashing: when computing the hash, a salt is added to the original input, so the same password can produce different hashes. This makes stored passwords safer: for a plain md5 value an attacker can look up the plaintext in a rainbow table, but once a salt is mixed in, a table precomputed without that salt is useless. The salt is not a secret in the usual design: it is stored next to the digest, and its job is to force a separate guessing run per user instead of one lookup table for everyone, which is why each user should get their own random salt.
- With hashlib the salt is applied by plain concatenation: md5(password + salt). With hmac, one of the two inputs is used as the HMAC key and the other as the message (the code below uses the password as the key and the salt as the message); the digest then depends on both inputs, and reproducing it for verification requires supplying the correct password.
- In that sense hmac is the closer fit for what we want, but it is a keyed construction; the same goal can also be reached with hashlib in the concatenation form described above.
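The register-then-verify flow described above, as an added example that is not part of the original post: it implements both of the page's constructions (hashlib over password + salt, and HMAC with the password as key and the salt as message), generates the salt from the OS CSPRNG, stores scheme, salt and digest instead of the plaintext, and verifies a login by recomputing with the stored salt and comparing in constant time. It goes beyond the page in two assumed choices: it uses sha256 by default instead of md5, and it adds hashlib's own pbkdf2_hmac as an iterated variant that makes offline guessing slower. The sample password and fixed salt are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential for the demo (not a real account).
SAMPLE_PASSWORD = "K0nmua4"
# Fixed salt used only so the deterministic functions below are reproducible;
# real records get their salt from new_salt().
SAMPLE_SALT = "iamsalt"


def new_salt(nbytes: int = 16) -> str:
    """Per-user salt from the OS CSPRNG (secrets, not the random module)."""
    return secrets.token_hex(nbytes)


def hashlib_salted(password: str, salt: str, algo: str = "sha256") -> str:
    """The page's first construction: H(password || salt) via hashlib.
    algo defaults to sha256 here (assumed); the page uses md5."""
    return hashlib.new(algo, (password + salt).encode("utf-8")).hexdigest()


def hmac_salted(password: str, salt: str, algo: str = "sha256") -> str:
    """The page's second construction: HMAC with the password as the key and
    the salt as the message, the same argument order as the page's own code."""
    return hmac.new(password.encode("utf-8"), salt.encode("utf-8"), algo).hexdigest()


def pbkdf2_salted(password: str, salt: str, iterations: int = 100_000) -> str:
    """Assumed extension: iterated variant from the same hashlib module.
    Every guess now costs `iterations` HMAC evaluations, which is what
    slows an offline attacker who already holds the salt and the digest."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt.encode("utf-8"), iterations)
    return dk.hex()


# Scheme name -> digest function, so a stored record says how it was produced.
SCHEMES = {
    "hashlib": hashlib_salted,
    "hmac": hmac_salted,
    "pbkdf2": pbkdf2_salted,
}


def register(password: str, scheme: str = "pbkdf2") -> dict:
    """What the back end stores: scheme, salt and digest, never the plaintext.
    The salt is not secret; it sits beside the digest so login can recompute."""
    salt = new_salt()
    return {"scheme": scheme, "salt": salt, "digest": SCHEMES[scheme](password, salt)}


def verify(record: dict, candidate: str) -> bool:
    """Login check: recompute from the submitted plaintext with the stored
    salt, then compare digests in constant time (no early-exit str compare)."""
    expected = SCHEMES[record["scheme"]](candidate, record["salt"])
    return hmac.compare_digest(expected, record["digest"])


if __name__ == "__main__":
    # Two users choosing the same password get different stored digests,
    # which is exactly what defeats a single precomputed rainbow table.
    alice = register(SAMPLE_PASSWORD)
    bob = register(SAMPLE_PASSWORD)
    print("alice:", alice)
    print("bob:  ", bob)
    print("same digest?", alice["digest"] == bob["digest"])
    print("alice logs in:", verify(alice, SAMPLE_PASSWORD))
    print("wrong password:", verify(alice, "K0nmua5"))
    # The two constructions from the page over a fixed salt, for comparison.
    print("hashlib:", hashlib_salted(SAMPLE_PASSWORD, SAMPLE_SALT))
    print("hmac:   ", hmac_salted(SAMPLE_PASSWORD, SAMPLE_SALT))
```

The record returned by `register` is what a database row would hold; `verify` never needs the plaintext to be stored, only to be submitted at login, and `hmac.compare_digest` avoids leaking how many leading characters matched through timing.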
Code Example:
# -*- coding:utf-8 -*-
# Author:Konmu
'''
Usually, logging in to a website or an APP requires a username and a password.
How is the password encrypted before it is stored? Use Python to encrypt the password.
'''
import hashlib
from hmac import HMAC
import secrets

def Passwd_Encrypt(password, salt=None):
    if salt is None:
        # No salt given: generate a random 20-character salt from the characters '0'..'z'.
        # secrets is used instead of the random module so the salt comes from a CSPRNG.
        # Note: this branch never returns the salt, so the digest cannot be recomputed
        # later for a login check unless the caller stores the salt as well.
        salt = ''.join(secrets.choice([chr(c) for c in range(48, 123)]) for _ in range(20))
        safe_pass = hashlib.md5((password + salt).encode('utf-8')).hexdigest()[:10]  # hashlib approach
    else:
        # hmac approach: HMAC only handles bytes, so both inputs are encoded first.
        # The password is used as the HMAC key and the salt as the message.
        safe_pass = HMAC(password.encode('utf-8'), salt.encode('utf-8'), hashlib.md5).hexdigest()[:10]
    # md5 and the truncation to 10 hex characters (40 bits) are kept to match the page's
    # output; a production system would store the full digest of a slow password hash.
    return safe_pass

if __name__ == "__main__":
    old_pass = input("Please input your password:")
    salt = "iamsalt"
    new_pass1 = Passwd_Encrypt(old_pass)
    new_pass2 = Passwd_Encrypt(old_pass, salt)
    print("Your safe password:", new_pass1)
    print("Your safe password:", new_pass2)
Hashing result
Please input your password:K0nmua4
Your safe password: ea2cd5c2fb
Your safe password: 1bf06bf616
Since the passwords we use when registering accounts are usually 8 to 18 characters long, the first 10 characters of the digest are returned here as the "password", which already matches that length. Be aware that this is purely a length choice from the exercise: 10 hex characters keep only 40 bits of the digest, which an attacker holding the stored value can exhaust by brute force, so a real system should store the full digest rather than a prefix.