python -> hashlib module and the module hmac

table of Contents

A, hashlib module

Password encryption: No matter what you throw the string, he will return a string of fixed-length string

1. It becomes a fixed character string
2. The same result as the hash string
3. Superposition

What is 1.0.1 hashlib

hash is an algorithm (Python3. hashlib module version instead of using md5 and sha module module, the main provider SHA1, SHA224, SHA256, SHA384, SHA512, MD5 algorithm), the algorithm accepts incoming content, through the operation get a bunch of hash value.

hashlib value features:

1. As long as the incoming content, hash value obtained as clear text password can be used to transport non-cryptographic checksum
2. Solutions can not be returned by the hash value into content that can guarantee the security of non-plaintext passwords
3. As long as the same hash algorithm used, regardless of how the contents of the verification, the hash value of a fixed length obtained can be used in text hashing

In fact, the hash algorithm can be viewed as shown below in a factory that receives raw materials you sent, processed the returned product is the hash value

import hashlib
import hashlib
m = hashlib.md5()

m.update('hello'.encode('utf8'))
print(m.hexdigest())
#
5d41402abc4b2a76b9719d911017c592

import hashlib

m = hashlib.md5()  # 固定的写法
m.update(b'123456')
# m.update(b'456')
print(m.hexdigest())
#
e10adc3949ba59abbe56e057f20f883e

import hashlib

m = hashlib.md5()  # 固定的写法
m.update(b'123')
m.update(b'456')
print(m.hexdigest())
#
e10adc3949ba59abbe56e057f20f883e

1.0.2 crack the hash algorithm to encrypt hit library

hash encryption algorithm may seem very powerful, but he is certain defects, which can be hit by inverse solution of the library, the following code shown in FIG.

import hashlib

# 假定我们知道hash的微信会设置如下几个密码
pwd_list = [
    'hash3714',
    'hash1313',
    'hash94139413',
    'hash123456',
    '123456hash',
    'h123ash',
]


def make_pwd_dic(pwd_list):
    dic = {}
    for pwd in pwd_list:
        m = hashlib.md5()
        m.update(pwd.encode('utf-8'))
        dic[pwd] = m.hexdigest()
    return dic


def break_code(hash_pwd, pwd_dic):
    for k, v in pwd_dic.items():
        if v == hash_pwd:
            print('hash的微信的密码是===>%s' % k)


hash_pwd = '0562b36c3c5a3925dbe3c4d32a4f2ba2'
break_code(hash_pwd, make_pwd_dic(pwd_list))

Micro-letter password hash is ===> hash123456

To prevent password knocked library, we can use python in another hmac module, it created internally and content key to encrypt and then we had some sort of deal.

If you want to ensure that the final result hmac module consistent, must ensure that:

1. Hmac.new within parentheses as specified initial key
2. No matter how many times the update, check the contents together to accumulate the same content

Two, hmac module

hmac module: password encryption, you can add salt

Note hmac module accepts only binary data encryption

The same usage

import hmac

# 注意hmac模块只接受二进制数据的加密
h1 = hmac.new(b'hash')
h1.update(b'hello')
h1.update(b'world')
print(h1.hexdigest())
905f549c5722b5850d602862c34a763e

h2 = hmac.new(b'hash')
h2.update(b'helloworld')
print(h2.hexdigest())
905f549c5722b5850d602862c34a763e

h3 = hmac.new(b'hashhelloworld')
print(h3.hexdigest())
a7e524ade8ac5f7f33f3a39a8f63fd25