Python hashlib in detail

1. Overview

Introduction to digest algorithms
Python's hashlib provides common digest algorithms such as MD5, SHA1, and so on.

What is a digest algorithm? A digest algorithm, also known as a hash algorithm, uses a function to convert data of any length into a fixed-length data string (typically represented as a hexadecimal string).

For example, you write an article whose content is the string 'How to use Python hashlib - by Michael', and you publish the digest of this article, '2d73d4f15c0db7f5ecb321b6a65e5d6d', alongside it. If someone tampers with your article and publishes it as 'How to use Python hashlib - by Bob', you can immediately show that Bob tampered with your article, because the digest calculated from 'How to use Python hashlib - by Bob' differs from the digest of the original article.

As you can see, a digest algorithm uses a digest function f() to compute a fixed-length digest from data of arbitrary length, so that you can discover whether the original data has been tampered with.

A digest algorithm can indicate whether data has been tampered with because the digest function is a one-way function: computing f(data) is easy, but working backwards from the digest to the data is very difficult. Moreover, changing even one bit of the original data produces a completely different digest.

2. Examples

import hashlib

md5 = hashlib.md5()
md5.update("this md5".encode("utf-8"))
print(md5.hexdigest())
# Note: in Python 3 the string must be encoded (here as UTF-8) before hashing.
# Result: 1fb854b337664396bacd634a2ad0ec18


# When the amount of data is too large, you can compute the digest in blocks, for example:
import hashlib

md5 = hashlib.md5()
md5.update("this".encode("utf-8"))
md5.update(" md5".encode("utf-8"))
print(md5.hexdigest())
# Note: the blocks must contain exactly the same characters, including the space.
# Result: 1fb854b337664396bacd634a2ad0ec18

MD5 is the most common digest algorithm. It is fast and produces a fixed 128-bit result, usually represented as a 32-character hexadecimal string.

2.1 Another digest algorithm: SHA1

SHA1 is used in much the same way as MD5:

import hashlib

sha1 = hashlib.sha1()
sha1.update("this sha1 ".encode("utf-8"))
print(sha1.hexdigest())
# Result: db56cab5dcf85f12cb558e53eec3a0b070a6e953

The SHA1 result is 160 bits, usually represented as a 40-character hexadecimal string.

SHA256 and SHA512 are more secure than SHA1, but the more secure the algorithm, the slower it is and the longer the digest.

Is it possible for two different pieces of data to produce the same digest? Entirely possible, because any digest algorithm maps an infinite set of data onto a finite set. This situation is called a collision. For example, Bob tries to work backwards from the digest of your article to produce an article 'How to Learn hashlib in Python - by Bob' whose digest is exactly the same as that of your article. This is not impossible, but it is very, very difficult.
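The block-wise update from section 2 and the tamper check from section 1 can be combined into one streaming integrity check. This is an added example, not code from the original page; the function names, the use of SHA256 and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import io


def stream_digest(fileobj, algorithm="sha256", chunk_size=64 * 1024):
    """Hash a binary file-like object block by block, as with repeated update()."""
    h = hashlib.new(algorithm)
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            break
        h.update(chunk)
    return h.hexdigest()


def is_untampered(fileobj, published_hex, algorithm="sha256"):
    """Recompute the digest and compare it with the published one."""
    actual = stream_digest(fileobj, algorithm)
    # compare_digest does not reveal the position of the first mismatch
    return hmac.compare_digest(actual, published_hex.strip().lower())


# Constructed sample data: the two article strings from section 1.
ORIGINAL = b"How to use Python hashlib - by Michael"
TAMPERED = b"How to use Python hashlib - by Bob"
PUBLISHED = hashlib.sha256(ORIGINAL).hexdigest()

if __name__ == "__main__":
    # The block size does not change the result; only the bytes and their order do.
    print(stream_digest(io.BytesIO(ORIGINAL), chunk_size=4) == PUBLISHED)
    print(is_untampered(io.BytesIO(ORIGINAL), PUBLISHED))
    print(is_untampered(io.BytesIO(TAMPERED), PUBLISHED))
```

For a real file, open it in binary mode and pass the file object in place of io.BytesIO.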

3. Application

Any site that lets users log in has to store the login user name and password of each user.
How should the user name and password be stored? One way is to store them in a database table:
name    | password
--------+----------
michael | 123456
bob     | abc999
alice   | alice2008

If passwords are saved in clear text and the database is compromised, all users' passwords fall into the hands of hackers. In addition, the site's operations and maintenance staff can access the database, so they can also obtain all users' passwords.

The right way is not to store user passwords in plain text, but to store a digest of each user's password,
for example MD5:
username | password
---------+---------------------------------
michael  | e10adc3949ba59abbe56e057f20f883e
bob      | 878ef96e86145580c38c87f0410ad153
alice    | 99b1c2188db85afee403b1536010c2c9

When a user logs in, first calculate the MD5 of the clear-text password entered by the user,
then compare it with the MD5 stored in the database. If they match, the user entered the correct password;
if not, the password is certainly wrong.

4. Advanced Applications

Is storing passwords as MD5 necessarily secure? Not necessarily.

Suppose you are a hacker and you have obtained the database of stored MD5 passwords. How do you work back from an MD5 to the user's plaintext password? Brute force is slow and laborious; real hackers do not do it that way.

Consider this situation: many users like simple passwords such as 123456, 888888, and password. A hacker can therefore precompute the MD5 values of these common passwords to obtain a reverse lookup table:

'e10adc3949ba59abbe56e057f20f883e': '123456'
'21218cca77804d2ba1922c33e0151105': '888888'
'5f4dcc3b5aa765d61d8327deb882cf99': 'password'

Users should of course not use passwords that are too simple. But can we strengthen the protection of simple passwords in the program design?

Because the MD5 values of common passwords are easy to compute, we need to make sure that the stored value is not the MD5 of one of those already-computed common passwords. This is done by adding a complex string to the original password, commonly known as a "salt":

import hashlib

def calc_md5(password):
    # Append a fixed salt to the password before hashing
    return hashlib.md5((password + "the-Salt").encode("utf-8")).hexdigest()

With a salted MD5, as long as the hacker does not know the salt, it is difficult to work back from the MD5 to the plaintext password even if the user's password is simple.

However, if two users use the same simple password, for example 123456, two identical MD5 values are stored in the database, which reveals that the two users have the same password. Is there a way to store different MD5 values for users who use the same password?

If we assume that users cannot change their login name, we can use the login name as part of the salt when computing the MD5, so that identical passwords are stored as different MD5 values.
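The storage schemes from sections 3 and 4 side by side, as an added example that is not code from the original page: it flags stored unsalted MD5 values that appear in the page's reverse table, shows the login-name-plus-salt MD5, and then a hardened form using a random per-user salt with PBKDF2 from hashlib. The function names, the order in which password, login name and salt are concatenated, and the iteration count are assumptions.

```python
import hashlib
import hmac
import os


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# The page's reverse table, rebuilt by hashing each common password.
COMMON = {md5_hex(p): p for p in ("123456", "888888", "password")}


def weak_unsalted(rows):
    """Return users whose stored unsalted MD5 is in the precomputed table."""
    return sorted(user for user, digest in rows.items() if digest in COMMON)


def salted_md5(username, password, salt="the-Salt"):
    """Section 4 scheme: the login name is part of the salt (order assumed)."""
    return md5_hex(password + username + salt)


def new_record(password, iterations=600_000):
    """Hardened form: random per-user salt and a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}


def verify(record, candidate):
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                             record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])


# Constructed sample: the unsalted MD5 table shown in section 3.
STORED = {
    "michael": "e10adc3949ba59abbe56e057f20f883e",
    "bob": "878ef96e86145580c38c87f0410ad153",
    "alice": "99b1c2188db85afee403b1536010c2c9",
}

if __name__ == "__main__":
    print(weak_unsalted(STORED))
    print(salted_md5("michael", "123456") == salted_md5("bob", "123456"))
    record = new_record("123456")
    print(verify(record, "123456"), verify(record, "888888"))
```

A fast digest such as MD5 stays cheap to guess against even when salted, which is why the hardened form stores the salt and iteration count with each record and pays the cost of a slow key-derivation function on every login.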

5. Summary

Digest algorithms are widely used in many places. Note that a digest algorithm is not an encryption algorithm and cannot be used for encryption (because the plain text cannot be recovered from the digest); it can only be used for tamper detection. However, its one-way property means that a user's password can be verified without storing the plaintext password.

See: https://www.liaoxuefeng.com/wiki/897692888725344/923057313018752

 

Origin www.cnblogs.com/jum-bolg/p/11094156.html