Latest posts on сравнение введенного пароля с паролем из MariaDB topichttps://python.su/forum/topic/39593/2020-10-29T09:05:25+02:00Общий :: Базы данных :: сравнение введенного пароля с паролем из MariaDB
2020-10-29T09:05:25+02:00ffrr212777спасибо, у меня вышло таким образом:<br/><div class="code"><pre> <span class="k">if</span> <span class="n">username</span> <span class="o">==</span> <span class="n">dbuser</span> <span class="p">:</span>
<span class="k">while</span> <span class="bp">True</span><span class="p">:</span>
<span class="n">password</span> <span class="o">=</span> <span class="n">getpass</span><span class="o">.</span><span class="n">getpass</span><span class="p">(</span><span class="n">prompt</span><span class="o">=</span><span class="s2">"Enter secret password:"</span><span class="p">)</span>
<span class="k">if</span> <span class="p">(</span><span class="n">hashlib</span><span class="o">.</span><span class="n">sha1</span><span class="p">(</span><span class="n">password</span><span class="o">.</span><span class="n">encode</span><span class="p">())</span><span class="o">.</span><span class="n">hexdigest</span><span class="p">()</span> <span class="o">==</span> <span class="n">dbpass</span><span class="p">):</span>
<span class="k">print</span><span class="p">(</span><span class="s2">"Authentication success"</span><span class="p">)</span>
<span class="k">break</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span><span class="p">(</span><span class="s2">"Bad password"</span><span class="p">)</span>
</pre></div>
Общий :: Базы данных :: сравнение введенного пароля с паролем из MariaDB
2020-10-28T23:23:00+02:00py.user.next212774<blockquote><em>ffrr</em><br/>Как правильно сравнивать SHA1 от пароля, который записан в БД с вводимым паролем?</blockquote>Надо из вводимого пароля получить значение SHA1.<br/><br/>Только тупость с двоеточием и солью убери из проверки пароля на соответствие.<br/><br/>Ты должен ввести строку пароля, потом строка пароля должна преобразоваться в строку пароля, сохранённого в базе данных. Пока ты не преобразовал вводимую строку в пароль, совпадающий с паролем в базе данных, ты ничего не ввёл ещё. А как там и что называется, пароль строковый или пароль хешированный, абсолютно не важно. Пароль - это то, что хранится в базе данных. По-научному это называется “секрет”. Все действия, проводимые до получения секрета, ничего не значат.
Общий :: Базы данных :: сравнение введенного пароля с паролем из MariaDB
2020-10-28T12:58:04+02:00ffrr212770пароли совпадают, только если указать SHA1 от пароля, а не сам пароль:<br/><div class="code"><pre> <span class="o">-------------------------</span>
<span class="o"><<<<<<<<<</span><span class="n">Welcome</span><span class="o">>>>>>>>>></span>
<span class="o">-------------------------</span>
<span class="n">Username</span><span class="p">:</span><span class="mi">659605758501</span>
<span class="p">(</span><span class="mi">659605758501</span><span class="p">,</span> <span class="s1">'d399dc6259ca2df564e0b939abc334ffd77e41d8'</span><span class="p">)</span>
<span class="mi">659605758501</span>
<span class="n">d399dc6259ca2df564e0b939abc334ffd77e41d8</span>
<span class="n">Enter</span> <span class="n">secret</span> <span class="n">password</span><span class="p">:</span>
<span class="n">String</span> <span class="k">for</span> <span class="n">saving</span> <span class="ow">in</span> <span class="n">database</span><span class="p">:</span> <span class="mf">3e2</span><span class="n">b2e4a8e2a45eb373f00e0f28ae2ac08953a05</span><span class="p">:</span><span class="mi">57</span><span class="n">ad6fd53eed4e6d83241d67e45a6f94</span>
<span class="n">Enter</span> <span class="n">password</span> <span class="n">again</span> <span class="k">for</span> <span class="n">check</span><span class="p">:</span> <span class="n">d399dc6259ca2df564e0b939abc334ffd77e41d8</span>
<span class="n">Your</span> <span class="n">password</span> <span class="ow">is</span> <span class="n">correct</span>
</pre></div>
Общий :: Базы данных :: сравнение введенного пароля с паролем из MariaDB
2020-10-28T12:56:03+02:00ffrr212769Попробовал так:<br/><div class="code"><pre> <span class="c1">#!/usr/bin/python</span>
<span class="kn">import</span> <span class="nn">pymysql</span>
<span class="kn">import</span> <span class="nn">getpass</span>
<span class="kn">import</span> <span class="nn">uuid</span>
<span class="k">print</span><span class="p">(</span><span class="s2">"-------------------------"</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="s2">"<<<<<<<<<Welcome>>>>>>>>>"</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="s2">"-------------------------"</span><span class="p">)</span>
<span class="n">username</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s2">"Username:"</span><span class="p">)</span>
<span class="n">db</span> <span class="o">=</span> <span class="n">pymysql</span><span class="o">.</span><span class="n">connect</span><span class="p">(</span><span class="s2">"hostname"</span><span class="p">,</span><span class="s2">"user"</span><span class="p">,</span><span class="s2">"pass"</span><span class="p">,</span><span class="s2">"db"</span><span class="p">)</span>
<span class="c1"># prepare a cursor object using cursor() method</span>
<span class="n">cursor</span> <span class="o">=</span> <span class="n">db</span><span class="o">.</span><span class="n">cursor</span><span class="p">()</span>
<span class="n">cursor</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s2">"SELECT userID, password from permissions"</span><span class="p">)</span>
<span class="n">data</span> <span class="o">=</span> <span class="n">cursor</span><span class="o">.</span><span class="n">fetchone</span><span class="p">()</span>
<span class="n">dbuser</span><span class="p">,</span> <span class="n">dbpass</span> <span class="o">=</span> <span class="nb">str</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="mi">0</span><span class="p">]),</span> <span class="n">data</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span>
<span class="k">print</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="n">dbuser</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="n">dbpass</span><span class="p">)</span>
<span class="k">if</span> <span class="n">username</span> <span class="o">==</span> <span class="n">dbuser</span> <span class="p">:</span>
<span class="n">password</span> <span class="o">=</span> <span class="n">getpass</span><span class="o">.</span><span class="n">getpass</span><span class="p">(</span><span class="n">prompt</span><span class="o">=</span><span class="s2">"Enter secret password:"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">):</span>
<span class="n">salt</span> <span class="o">=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">uuid4</span><span class="p">()</span><span class="o">.</span><span class="n">hex</span>
<span class="k">return</span> <span class="n">hashlib</span><span class="o">.</span><span class="n">sha1</span><span class="p">(</span><span class="n">salt</span><span class="o">.</span><span class="n">encode</span><span class="p">()</span> <span class="o">+</span> <span class="n">password</span><span class="o">.</span><span class="n">encode</span><span class="p">())</span><span class="o">.</span><span class="n">hexdigest</span><span class="p">()</span> <span class="o">+</span> <span class="s1">':'</span> <span class="o">+</span> <span class="n">salt</span>
<span class="k">def</span> <span class="nf">check_password</span><span class="p">(</span><span class="n">hashed_password</span><span class="p">,</span> <span class="n">user_password</span><span class="p">):</span>
<span class="n">password</span><span class="p">,</span> <span class="n">salt</span> <span class="o">=</span> <span class="n">hashed_password</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">':'</span><span class="p">)</span>
<span class="k">return</span> <span class="n">password</span> <span class="o">==</span> <span class="n">hashlib</span><span class="o">.</span><span class="n">sha1</span><span class="p">(</span><span class="n">salt</span><span class="o">.</span><span class="n">encode</span><span class="p">()</span> <span class="o">+</span> <span class="n">user_password</span><span class="o">.</span><span class="n">encode</span><span class="p">())</span><span class="o">.</span><span class="n">hexdigest</span><span class="p">()</span>
<span class="c1">#new_pass = input('Enter password: ') </span>
<span class="c1">#hashed_password = hash_password(new_pass) </span>
<span class="n">hashed_password</span> <span class="o">=</span> <span class="n">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="s1">'String for saving in database: '</span> <span class="o">+</span> <span class="n">hashed_password</span><span class="p">)</span>
<span class="n">old_pass</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s1">'Enter password again for check: '</span><span class="p">)</span>
<span class="k">if</span> <span class="n">check_password</span><span class="p">(</span><span class="n">hashed_password</span><span class="p">,</span> <span class="n">dbpass</span><span class="p">):</span>
<span class="k">print</span><span class="p">(</span><span class="s1">'Your password is correct'</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span><span class="p">(</span><span class="s1">'Sorry, password don</span><span class="se">\'</span><span class="s1">t match'</span><span class="p">)</span>
<span class="k">else</span> <span class="p">:</span>
<span class="k">print</span> <span class="p">(</span><span class="s2">"please try another user name. This user name is incorrect"</span><span class="p">)</span>
</pre></div><br/>тоже пароли не совпадают:<br/><div class="code"><pre> <span class="o">-------------------------</span>
<span class="o"><<<<<<<<<</span><span class="n">Welcome</span><span class="o">>>>>>>>>></span>
<span class="o">-------------------------</span>
<span class="n">Username</span><span class="p">:</span><span class="mi">659605758501</span>
<span class="p">(</span><span class="mi">659605758501</span><span class="p">,</span> <span class="s1">'d399dc6259ca2df564e0b939abc334ffd77e41d8'</span><span class="p">)</span>
<span class="mi">659605758501</span>
<span class="n">d399dc6259ca2df564e0b939abc334ffd77e41d8</span>
<span class="n">Enter</span> <span class="n">secret</span> <span class="n">password</span><span class="p">:</span>
<span class="n">String</span> <span class="k">for</span> <span class="n">saving</span> <span class="ow">in</span> <span class="n">database</span><span class="p">:</span> <span class="mi">7</span><span class="n">abf5b2d5e0be1b5b820d2d851de05f9cc80ec91</span><span class="p">:</span><span class="n">f2a41829db8742d4a024580fcc1b6d63</span>
<span class="n">Enter</span> <span class="n">password</span> <span class="n">again</span> <span class="k">for</span> <span class="n">check</span><span class="p">:</span> <span class="n">my_password_as_text</span>
<span class="n">Sorry</span><span class="p">,</span> <span class="n">password</span> <span class="n">don</span><span class="s1">'t match</span>
</pre></div>
Общий :: Базы данных :: сравнение введенного пароля с паролем из MariaDB
2020-10-28T12:44:13+02:00ffrr212768В MariaDB пароль хранится в SHA1. <br/>При запуске скрипта <br/><div class="code"><pre> <span class="c1">#!/usr/bin/python</span>
<span class="kn">import</span> <span class="nn">pymysql</span>
<span class="kn">import</span> <span class="nn">getpass</span>
<span class="kn">import</span> <span class="nn">uuid</span>
<span class="k">print</span><span class="p">(</span><span class="s2">"-------------------------"</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="s2">"<<<<<<<<<Welcome>>>>>>>>>"</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="s2">"-------------------------"</span><span class="p">)</span>
<span class="n">username</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s2">"Username:"</span><span class="p">)</span>
<span class="n">db</span> <span class="o">=</span> <span class="n">pymysql</span><span class="o">.</span><span class="n">connect</span><span class="p">(</span><span class="s2">"hostname"</span><span class="p">,</span><span class="s2">"user"</span><span class="p">,</span><span class="s2">"pass"</span><span class="p">,</span><span class="s2">"db"</span><span class="p">)</span>
<span class="c1"># prepare a cursor object using cursor() method</span>
<span class="n">cursor</span> <span class="o">=</span> <span class="n">db</span><span class="o">.</span><span class="n">cursor</span><span class="p">()</span>
<span class="n">cursor</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s2">"SELECT userID, password from permissions"</span><span class="p">)</span>
<span class="n">data</span> <span class="o">=</span> <span class="n">cursor</span><span class="o">.</span><span class="n">fetchone</span><span class="p">()</span>
<span class="n">dbuser</span><span class="p">,</span> <span class="n">dbpass</span> <span class="o">=</span> <span class="nb">str</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="mi">0</span><span class="p">]),</span> <span class="n">data</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span>
<span class="k">print</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="n">dbuser</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="n">dbpass</span><span class="p">)</span>
<span class="k">if</span> <span class="n">username</span> <span class="o">==</span> <span class="n">dbuser</span> <span class="p">:</span>
<span class="n">password</span> <span class="o">=</span> <span class="n">getpass</span><span class="o">.</span><span class="n">getpass</span><span class="p">(</span><span class="n">prompt</span><span class="o">=</span><span class="s2">"Enter secret password:"</span><span class="p">)</span>
<span class="k">else</span> <span class="p">:</span>
<span class="k">print</span> <span class="p">(</span><span class="s2">"please try another user name. This user name is incorrect"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">):</span>
<span class="n">salt</span> <span class="o">=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">uuid4</span><span class="p">()</span><span class="o">.</span><span class="n">hex</span>
<span class="k">return</span> <span class="n">hashlib</span><span class="o">.</span><span class="n">sha1</span><span class="p">(</span><span class="n">salt</span><span class="o">.</span><span class="n">encode</span><span class="p">()</span> <span class="o">+</span> <span class="n">password</span><span class="o">.</span><span class="n">encode</span><span class="p">())</span><span class="o">.</span><span class="n">hexdigest</span><span class="p">()</span> <span class="o">+</span> <span class="s1">':'</span> <span class="o">+</span> <span class="n">salt</span>
<span class="k">def</span> <span class="nf">check_password</span><span class="p">(</span><span class="n">hashed_password</span><span class="p">,</span> <span class="n">user_password</span><span class="p">):</span>
<span class="n">password</span><span class="p">,</span> <span class="n">salt</span> <span class="o">=</span> <span class="n">hashed_password</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">':'</span><span class="p">)</span>
<span class="k">return</span> <span class="n">password</span> <span class="o">==</span> <span class="n">hashlib</span><span class="o">.</span><span class="n">sha1</span><span class="p">(</span><span class="n">salt</span><span class="o">.</span><span class="n">encode</span><span class="p">()</span> <span class="o">+</span> <span class="n">user_password</span><span class="o">.</span><span class="n">encode</span><span class="p">())</span><span class="o">.</span><span class="n">hexdigest</span><span class="p">()</span>
<span class="n">new_pass</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s1">'Enter password: '</span><span class="p">)</span>
<span class="n">hashed_password</span> <span class="o">=</span> <span class="n">hash_password</span><span class="p">(</span><span class="n">new_pass</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="s1">'String for saving in database: '</span> <span class="o">+</span> <span class="n">hashed_password</span><span class="p">)</span>
<span class="n">old_pass</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s1">'Enter password again for check: '</span><span class="p">)</span>
<span class="k">if</span> <span class="n">check_password</span><span class="p">(</span><span class="n">hashed_password</span><span class="p">,</span> <span class="n">dbpass</span><span class="p">):</span>
<span class="k">print</span><span class="p">(</span><span class="s1">'Your password is correct'</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span><span class="p">(</span><span class="s1">'Sorry, password don</span><span class="se">\'</span><span class="s1">t match'</span><span class="p">)</span>
</pre></div><br/>даже если я ввожу верный пароль дважды, пишет, что пароль не совпадает:<br/><br/><div class="code"><pre> <span class="o">-------------------------</span>
<span class="o"><<<<<<<<<</span><span class="n">Welcome</span><span class="o">>>>>>>>>></span>
<span class="o">-------------------------</span>
<span class="n">Username</span><span class="p">:</span><span class="mi">659605758501</span>
<span class="p">(</span><span class="mi">659605758501</span><span class="p">,</span> <span class="s1">'d399dc6259ca2df564e0b939abc334ffd77e41d8'</span><span class="p">)</span>
<span class="mi">659605758501</span>
<span class="n">d399dc6259ca2df564e0b939abc334ffd77e41d8</span>
<span class="n">Enter</span> <span class="n">secret</span> <span class="n">password</span><span class="p">:</span>
<span class="n">Enter</span> <span class="n">password</span><span class="p">:</span> <span class="n">my_password</span>
<span class="n">String</span> <span class="k">for</span> <span class="n">saving</span> <span class="ow">in</span> <span class="n">database</span><span class="p">:</span> <span class="mf">9e691</span><span class="n">d981f2c5d240e27ba5d499b695693da6b8f</span><span class="p">:</span><span class="n">ab8ae339f01d43a7b8f9dda6ddda545a</span>
<span class="n">Enter</span> <span class="n">password</span> <span class="n">again</span> <span class="k">for</span> <span class="n">check</span><span class="p">:</span> <span class="n">my_password</span>
<span class="n">Sorry</span><span class="p">,</span> <span class="n">password</span> <span class="n">don</span><span class="s1">'t match</span>
</pre></div><br/>здесь я ввожу my_password как просто пароль (не SHA1).<br/>А если я введу SHA1 от пароля, как записано в БД, то пишет, что пароль совпадает:<br/><div class="code"><pre> <span class="o">-------------------------</span>
<span class="o"><<<<<<<<<</span><span class="n">Welcome</span><span class="o">>>>>>>>>></span>
<span class="o">-------------------------</span>
<span class="n">Username</span><span class="p">:</span><span class="mi">659605758501</span>
<span class="p">(</span><span class="mi">659605758501</span><span class="p">,</span> <span class="s1">'d399dc6259ca2df564e0b939abc334ffd77e41d8'</span><span class="p">)</span>
<span class="mi">659605758501</span>
<span class="n">d399dc6259ca2df564e0b939abc334ffd77e41d8</span>
<span class="n">Enter</span> <span class="n">secret</span> <span class="n">password</span><span class="p">:</span>
<span class="n">Enter</span> <span class="n">password</span><span class="p">:</span> <span class="n">d399dc6259ca2df564e0b939abc334ffd77e41d8</span>
<span class="n">String</span> <span class="k">for</span> <span class="n">saving</span> <span class="ow">in</span> <span class="n">database</span><span class="p">:</span> <span class="mi">7</span><span class="n">f9879cbf1eae806be740254ec4d317ec068186f</span><span class="p">:</span><span class="n">da179b81f6cc4cfab5693ead0227583f</span>
<span class="n">Enter</span> <span class="n">password</span> <span class="n">again</span> <span class="k">for</span> <span class="n">check</span><span class="p">:</span> <span class="n">d399dc6259ca2df564e0b939abc334ffd77e41d8</span>
<span class="n">Your</span> <span class="n">password</span> <span class="ow">is</span> <span class="n">correct</span>
</pre></div><br/>Как правильно сравнивать SHA1 от пароля, который записан в БД с вводимым паролем?