During automated testing, have you used several commonly used encryption algorithms in Python?

This article is shared from the Huawei Cloud Community " "Encryption Algorithm" | Several encryption algorithms commonly used in Python are implemented during automated testing. Have you used them? ", author: Chong Wuya.

write in front

• While doing automated testing these days, I encountered a problem, that is, the password requested by the interface is encrypted;
• The requirement of the product is that no other special means can be used. It provides an encryption algorithm and needs to use the data processed by the encryption algorithm to pass parameters when making an interface request;
• In fact, it is much simpler to say this, because you already know the encryption algorithm, so just encrypt the password before passing the parameters (I think silently, this product is too good);
• This article mainly organizes several encryption algorithms for subsequent testing.

public data

• In order to facilitate subsequent examples, we design a class to uniformly encapsulate the encryption algorithms that need to be demonstrated:

# -*- coding:utf-8 -*-

# Author: Chong Wuya

# Date: 2023/12/1

# File name: test_pass.py

# Function: Implementation of commonly used encryption algorithms

# Contact: VX(NoamaNelson)

# Blog: https://blog.csdn.net/NoamaNelson

import hashlib

class TestPass():

def __init__(self):

super(TestPass, self).__init__()

self.name = "admin"

self.password = "123456"

if __name__ == "__main__":

test_pass = TestPass()

• Among them, self.name simulates username data, and self.password simulates password data.

MD5 direct encryption

• MD5 is a commonly used one-way hash function and is irreversible, which means that the content before encryption cannot be determined through the encrypted result;
• The generated result is a fixed 128-bit byte, usually a 32-bit hexadecimal string;
• Hashlib will be used here. This is generally available after Python is installed. The directory is:

X:\Python37\Lib\hashlib.py

• Direct encryption implementation:

def test_md5(self):

md = hashlib.md5(self.password.encode())

md5_pass = md.hexdigest()

print(f"Password {self.password}, ​​after direct md5 encryption is: {md5_pass}")

• The output is:

The password is 123456, which after direct md5 encryption is: e10adc3949ba59abbe56e057f20f883e

Username and password combination MD5 encryption

• There is a real business scenario. When testing a certain business system, it is not a simple password MD5 encryption;
• Instead, use the username and password combination, first convert them to lowercase and then encrypt them with md5;
• The implementation process of this requirement is:

def test_md5_01(self):

data = (self.name + self.password).lower()

md = hashlib.md5(data.encode())

md5_pass = md.hexdigest()

print(f"Password {self.password}, ​​username {self.name}, the md5 combination after encryption is: {md5_pass}")

• The output is:

Password 123456, username admin, md5 combination after encryption is: a66abb5684c45962d887564f08346e8d

Password is encrypted using MD5+salt

• In this scenario, the password is salted first;
• Then splice the salt after the original password;
• The implementation process is:

def test_md5_02(self):

s = self.password[:5] # Set salt

md = hashlib.md5((self.password + s).encode())

md5_pass = md.hexdigest()

print(f"Password {self.password}, ​​after md5 is salted: {md5_pass}")

• The output is:

The password is 123456, after md5 is salted: e363373ddc24b34c5bb9d99abbfd8be5

After MD5 salting, the entire password is inserted into the salt.

• This scenario is also quite common, that is, set the salt first;
• Then use the join method to process the original password and salt;
• The implementation process is:

def test_md5_03(self):

s = self.password[:6] # Set salt

md = hashlib.md5((self.password.join(s)).encode())

md5_pass = md.hexdigest()

print(f"Password {self.password}, ​​the json method for md5 salting is: {md5_pass}")

• The output is:

Password 123456, md5 salt using json method is: 43ec0d3f863b4f7e635e7169ddc18606

SHA1 encryption

• This is similar to MD5, but its result is a 160-bit byte, usually a 40-bit hexadecimal string;
• It's also in hashlib;
• The username and password are concatenated and encrypted using SHA1. The implementation is as follows:

def test_sha1(self):

data = self.name + self.password

sha1 = hashlib.sha1()

sha1.update(data.encode("utf-8"))

sha1_pass = sha1.hexdigest()

print(f"Password {self.password}, ​​username {self.name}, sha1 combined encryption is: {sha1_pass}")

• The output is:

Password 123456, user name admin, sha1 combination after encryption is: cd5ea73cd58f827fa78eef7197b8ee606c99b2e6

SHA256 encryption

• SHA256 is more secure than SHA1, but is slower and the result will take longer;
• The username and password are concatenated and encrypted using SHA256. The implementation is as follows:

def test_sha256(self):

data = self.name + self.password

sha256 = hashlib.sha256()

sha256.update(data.encode("utf-8"))

sha1_pass = sha256.hexdigest()

print(f"Password {self.password}, ​​username {self.name}, sha256 combination encryption is: {sha1_pass}")

• The output is:

Password 123456, user name admin, sha256 combination encryption is: ac0e7d037817094e9e0b4441f9bae3209d67b02fa484917065f71b16109a1a78

• Of course, there is also SHA512, which I won’t talk about. The same principle can be proved.

HMAC encryption

• In fact, I don’t use this much in the automation process, but it is also a very common encryption algorithm;
• HMAC is a message authentication protocol based on cryptographic hash functions and shared keys;
• You need to use the hmac library, the directory is:

X:\Python37\Lib\hmac.py

• There are three parameters, one is the key, one is the string to be encrypted, and one is the hash function. The example is as follows:

def test_hmac(self):

hm = hmac.new(b'029-11111111', bytes(self.password, 'utf-8'), hashlib.md5)

hm.digest()

hmac_pass = hm.hexdigest()

print(f"Password {self.password}, ​​username {self.name}, after hmac encryption: {hmac_pass}")

• The output is:

Password 123456, user name admin, hmac encryption: 4e32d965d8965df4c7f6aaaf68791e86

Other algorithms

• Of course, there are several algorithms, which I won’t go into details here, such as DES, AES, RSA, ECC, etc.
• I'll add more later when I have time.

Source code of this article

# -*- coding:utf-8 -*-

# Author: Chong Wuya

# Date: 2023/12/1

# File name: test_pass.py

# Function: Implementation of commonly used encryption algorithms

# Contact: VX(NoamaNelson)

# Blog: https://blog.csdn.net/NoamaNelson

import hashlib

import hmac

class TestPass():

def __init__(self):

super(TestPass, self).__init__()

self.name = "admin"

self.password = "123456"

def test_md5(self):

md = hashlib.md5(self.password.encode())

md5_pass = md.hexdigest()

print(f"Password {self.password}, ​​after direct md5 encryption is: {md5_pass}")

def test_md5_01(self):

data = (self.name + self.password).lower()

md = hashlib.md5(data.encode())

md5_pass = md.hexdigest()

print(f"Password {self.password}, ​​username {self.name}, the md5 combination after encryption is: {md5_pass}")

def test_md5_02(self):

s = self.password[:5] # Set salt

md = hashlib.md5((self.password + s).encode())

md5_pass = md.hexdigest()

print(f"Password {self.password}, ​​after md5 is salted: {md5_pass}")

def test_md5_03(self):

s = self.password[:6] # Set salt

md = hashlib.md5((self.password.join(s)).encode())

md5_pass = md.hexdigest()

print(f"Password {self.password}, ​​the json method for md5 salting is: {md5_pass}")

def test_sha1(self):

data = self.name + self.password

sha1 = hashlib.sha1()

sha1.update(data.encode("utf-8"))

sha1_pass = sha1.hexdigest()

print(f"Password {self.password}, ​​username {self.name}, sha1 combined encryption is: {sha1_pass}")

def test_sha256(self):

data = self.name + self.password

sha256 = hashlib.sha256()

sha256.update(data.encode("utf-8"))

sha1_pass = sha256.hexdigest()

print(f"Password {self.password}, ​​username {self.name}, sha256 combination encryption is: {sha1_pass}")

def test_hmac(self):

hm = hmac.new(b'029-11111111', bytes(self.password, 'utf-8'), hashlib.md5)

hm.digest()

hmac_pass = hm.hexdigest()

print(f"Password {self.password}, ​​username {self.name}, after hmac encryption: {hmac_pass}")

if __name__ == "__main__":

test_pass = TestPass()

# test_pass.test_md5()

# test_pass.test_md5_01()

# test_pass.test_md5_02()

# test_pass.test_md5_03()

# test_pass.test_sha1()

# test_pass.test_sha256()

test_pass.test_hmac()

 

Click to follow and learn about Huawei Cloud’s new technologies as soon as possible~

IntelliJ IDEA 2023.3 & JetBrains Family Bucket annual major version update new concept "defensive programming": make yourself a stable job GitHub.com runs more than 1,200 MySQL hosts, how to seamlessly upgrade to 8.0? Stephen Chow's Web3 team will launch an independent App next month. Will Firefox be eliminated? Visual Studio Code 1.85 released, floating window US CISA recommends abandoning C/C++ to eliminate memory security vulnerabilities Yu Chengdong: Huawei will launch disruptive products next year and rewrite industry history TIOBE December: C# is expected to become the programming language of the year A paper written by Lei Jun 30 years ago : "Principle and Design of Computer Virus Determination Expert System"

{{o.name}}

{{m.name}}