Python common built-in modules (ii)
hashlib
To algorithm, also known as hash algorithm, hash algorithm. It is through a function to convert data for any length of a fixed length data string (typically represented by a string of 16 hexadecimal).
Digest by the digest algorithm is a function f()of an arbitrary data length datacalculated digest fixed length digest, in order to discover whether the original data had been tampered with.
Digest algorithm is able to indicate whether the data has been tampered with, because digest function is a one-way function, computing f(data)easy, but through the digestthrust reverser datais very difficult. Also, do a bit of modifications to the original data, will lead to the calculated digest completely different.
import hashlib
md5 = hashlib.md5 ()
md5.update('how to use md5 in python hashlib?'.encode('utf-8'))
print(md5.hexdigest())
If a large amount of data, can be divided into blocks called multiple times update(), the result of the final calculation is the same.
Since common password MD5 value can easily be calculated, so make sure to store the user's password has not been calculated MD5 those commonly used passwords, this approach is achieved by the original password plus a complex string, commonly known as "plus salt".
After Salt password MD5 process, it is not as long as the hacker knows Salt, even if the user input password is simple, it is difficult to reverse thrust by the clear text password MD5.
However, if two users use the same password for a simple example 123456, in the database, the two same MD5 value is stored, indicating that the two user's password is the same. Is there a way to let users use the same password to store different MD5 it?
If we assume that the user can not modify the login name, you can put the user login name as part of the Salt to calculate MD5, in order to achieve the same password is also different storage MD5.
hmac
By hashing algorithm, we can verify that the valid period of the data, is to compare the hash value of the data, e.g., the user determines the password is correct, we use stored in the database password_md5comparison calculation md5(password)results, if they are consistent, the user input password It is correct.
In order to prevent hackers rainbow table thrust reverser according to the original password hash value, the hash calculation time can not be calculated only for the original input, a need to add salt to the same input such that a different hash can be obtained, so greatly increased the difficulty of hackers to crack.
If salt is our own randomly generated, usually we use when calculating MD5 md5(message + salt). But in fact, the salt seen as a "password", plus salt hash is this: When calculating the hash for a message, based on the calculated barrier passwords different hash. To verify the hash value, it must provide the correct password.
This is in fact Hmac algorithm: Keyed-Hashing for Message Authentication. According to a standard algorithm, the hash calculation process, the mixed key calculation process.
Add salt and our custom algorithm different, Hmac algorithms are common for all hash algorithms are MD5 or SHA-1. Using our own salt Hmac alternative algorithm, the algorithm can make the program more standardized, more secure.
itertools
chain()
chain()The objects may be a set of iterations together, forming a larger iterator.
groupby()
groupby()The iterator adjacent repeating elements singled out together.
contextlib
In Python, this resource should pay special attention to read and write files, they must be closed properly after use. One way to properly close the file is to use the resourcestry...finally。
try:
f = open('/path/to/file', 'r')
f.read()
finally:
if f:
f.close()
Write try...finallyvery complicated. Python's withstatement allows us to use resources very easily, without having to worry about resources is not closed, so the above code can be simplified
with open('/path/to/file', 'r') as f:
f.read()
urllib
Get
urllib the requestmodule can easily fetch the URL content, i.e. transmits a GET request to the specified page, and then returns the HTTP response.
Post
If you want to send a POST request, just need the parameters datapassed to the form of bytes.
Handler
If you require more complex control, such as through a Proxy to access the site, we need to use ProxyHandlerto deal with.
urllib feature is the use of the program provided to perform a variety of HTTP requests. If you want to simulate a browser to complete a specific function, you need to request disguised browser. The method is to disguise the monitoring request sent by the browser, then the request of head camouflage browser User-Agentheader is used to identify a browser.