The hmac module and the hashlib module

First, what is a hash

A hash is an algorithm (in Python 3 the hashlib module replaces the md5 and sha modules; it mainly provides the SHA1, SHA224, SHA256, SHA384, SHA512 and MD5 algorithms). The algorithm accepts the incoming content and, through computation, produces a hash value.

Features of the hash value:

  1. As long as the incoming content is the same, the hash value obtained is the same, so it can be used to check a password when the password is not transmitted in plaintext
  2. The hash value cannot be reversed back into the content, which protects the security of non-plaintext passwords
  3. As long as the same hash algorithm is used, the hash value has a fixed length regardless of how large the content being checked is, so it can be used for hashing text

In fact, the hash algorithm can be viewed as a factory: it receives the raw materials you send it, and the processed product it returns is the hash value.

hashlib module

import hashlib
# Purpose: password hashing; whatever string you feed in, it returns a fixed-length string
m1 = hashlib.md5()  # standard usage
m1.update(b'123456')
print("m1:", m1.hexdigest())

m2 = hashlib.md5()
m2.update(b'123')
m2.update(b'456')
print("m2: ", m2.hexdigest())

The results (the results are the same):

e10adc3949ba59abbe56e057f20f883e
e10adc3949ba59abbe56e057f20f883e

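Characteristics:

  1. The input is turned into a fixed-length string
  2. The same string always gives the same result after hashing
  3. Updates accumulate: calling update several times gives the same result as hashing the concatenated content once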

Second, cracking hashed passwords

Hashing may look very strong, but it has a definite weakness: a hash can be reversed by comparing it against the hashes of candidate passwords (a dictionary lookup), as the following code shows.

import hashlib

# Assume we know that hash's WeChat account uses one of the following passwords
pwd_list = [
    'hash3714',
    'hash1313',
    'hash94139413',
    'hash123456',
    '123456hash',
    'h123ash',
]


def make_pwd_dic(pwd_list):
    dic = {}
    for pwd in pwd_list:
        m = hashlib.md5()
        m.update(pwd.encode('utf-8'))
        dic[pwd] = m.hexdigest()
    return dic


def break_code(hash_pwd, pwd_dic):
    for k, v in pwd_dic.items():
        if v == hash_pwd:
            print('hash的微信的密码是===>%s' % k)


hash_pwd = '0562b36c3c5a3925dbe3c4d32a4f2ba2'
break_code(hash_pwd, make_pwd_dic(pwd_list))

The result:

hash的微信的密码是===>hash123456

To keep passwords from being recovered by this kind of lookup, we can use another Python module, hmac. Internally it combines a key that we supply with the content before hashing.

To get the same final result from the hmac module, you must ensure that:

  1. The initial key passed to hmac.new is the same
  2. However many times update is called, the content being checked accumulates to the same overall content

# hmac module: hashes the password with a key, which acts as a salt
import hmac
# digestmod is required on Python 3.8+; 'md5' was the default in older versions
m = hmac.new("randy".encode('utf-8'), digestmod='md5')
m.update("123456".encode('utf-8'))
print(m.hexdigest())


m2 = hmac.new("randy2".encode('utf-8'), digestmod='md5')
m2.update("123456".encode('utf-8'))
print(m2.hexdigest())

The results (the two results are not the same):

9bc13474b683d3282d3b50d716f41cf1
0887d426644d83b3c9a71337e21bc675
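
The two hmac rules above, checked against the dictionary lookup from section two, as an added example that is not part of the original post. It swaps SHA-256 in for MD5 on both the unkeyed and keyed side; the helper names and the candidate list are constructed for illustration, and the keys are the ones used above.

```python
import hashlib
import hmac

# Constructed sample data; the two keys are the ones used in the post.
CANDIDATES = ["123456", "hash123456", "h123ash"]
KEY_A = b"randy"
KEY_B = b"randy2"


def unkeyed_table(candidates):
    """Precompute unkeyed digests, like the dictionary built in section two."""
    return {hashlib.sha256(p.encode("utf-8")).hexdigest(): p for p in candidates}


def keyed_digest(key, *chunks):
    """HMAC-SHA256 over the chunks; successive update() calls accumulate."""
    m = hmac.new(key, digestmod="sha256")
    for chunk in chunks:
        m.update(chunk.encode("utf-8"))
    return m.hexdigest()


def verify(key, password, stored_hex):
    """Recompute the keyed digest and compare it in constant time."""
    return hmac.compare_digest(keyed_digest(key, password), stored_hex)


def demo():
    table = unkeyed_table(CANDIDATES)
    plain = hashlib.sha256(b"123456").hexdigest()
    stored = keyed_digest(KEY_A, "123456")
    return {
        "plain_found": table.get(plain),    # unkeyed digest is in the table
        "keyed_found": table.get(stored),   # keyed digest is not
        "chunked_equal": stored == keyed_digest(KEY_A, "123", "456"),
        "keys_differ": stored != keyed_digest(KEY_B, "123456"),
        "verify_ok": verify(KEY_A, "123456", stored),
        "verify_wrong_key": verify(KEY_B, "123456", stored),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=>", value)
```

The keyed digest misses the precomputed table only while the key stays secret; anyone holding the key can rebuild the table with it.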

Origin www.cnblogs.com/randysun/p/11368136.html