Форум сайта python.su
В MariaDB пароль хранится в SHA1.
При запуске скрипта
#!/usr/bin/python import pymysql import getpass import uuid print("-------------------------") print("<<<<<<<<<Welcome>>>>>>>>>") print("-------------------------") username = input("Username:") db = pymysql.connect("hostname","user","pass","db") # prepare a cursor object using cursor() method cursor = db.cursor() cursor.execute("SELECT userID, password from permissions") data = cursor.fetchone() dbuser, dbpass = str(data[0]), data[1] print(data) print(dbuser) print(dbpass) if username == dbuser : password = getpass.getpass(prompt="Enter secret password:") else : print ("please try another user name. This user name is incorrect") def hash_password(password): salt = uuid.uuid4().hex return hashlib.sha1(salt.encode() + password.encode()).hexdigest() + ':' + salt def check_password(hashed_password, user_password): password, salt = hashed_password.split(':') return password == hashlib.sha1(salt.encode() + user_password.encode()).hexdigest() new_pass = input('Enter password: ') hashed_password = hash_password(new_pass) print('String for saving in database: ' + hashed_password) old_pass = input('Enter password again for check: ') if check_password(hashed_password, dbpass): print('Your password is correct') else: print('Sorry, password don\'t match')
------------------------- <<<<<<<<<Welcome>>>>>>>>> ------------------------- Username:659605758501 (659605758501, 'd399dc6259ca2df564e0b939abc334ffd77e41d8') 659605758501 d399dc6259ca2df564e0b939abc334ffd77e41d8 Enter secret password: Enter password: my_password String for saving in database: 9e691d981f2c5d240e27ba5d499b695693da6b8f:ab8ae339f01d43a7b8f9dda6ddda545a Enter password again for check: my_password Sorry, password don't match
------------------------- <<<<<<<<<Welcome>>>>>>>>> ------------------------- Username:659605758501 (659605758501, 'd399dc6259ca2df564e0b939abc334ffd77e41d8') 659605758501 d399dc6259ca2df564e0b939abc334ffd77e41d8 Enter secret password: Enter password: d399dc6259ca2df564e0b939abc334ffd77e41d8 String for saving in database: 7f9879cbf1eae806be740254ec4d317ec068186f:da179b81f6cc4cfab5693ead0227583f Enter password again for check: d399dc6259ca2df564e0b939abc334ffd77e41d8 Your password is correct
Отредактировано ffrr (Окт. 28, 2020 12:46:17)
Офлайн
Попробовал так:
#!/usr/bin/python import pymysql import getpass import uuid print("-------------------------") print("<<<<<<<<<Welcome>>>>>>>>>") print("-------------------------") username = input("Username:") db = pymysql.connect("hostname","user","pass","db") # prepare a cursor object using cursor() method cursor = db.cursor() cursor.execute("SELECT userID, password from permissions") data = cursor.fetchone() dbuser, dbpass = str(data[0]), data[1] print(data) print(dbuser) print(dbpass) if username == dbuser : password = getpass.getpass(prompt="Enter secret password:") def hash_password(password): salt = uuid.uuid4().hex return hashlib.sha1(salt.encode() + password.encode()).hexdigest() + ':' + salt def check_password(hashed_password, user_password): password, salt = hashed_password.split(':') return password == hashlib.sha1(salt.encode() + user_password.encode()).hexdigest() #new_pass = input('Enter password: ') #hashed_password = hash_password(new_pass) hashed_password = hash_password(password) print('String for saving in database: ' + hashed_password) old_pass = input('Enter password again for check: ') if check_password(hashed_password, dbpass): print('Your password is correct') else: print('Sorry, password don\'t match') else : print ("please try another user name. This user name is incorrect")
------------------------- <<<<<<<<<Welcome>>>>>>>>> ------------------------- Username:659605758501 (659605758501, 'd399dc6259ca2df564e0b939abc334ffd77e41d8') 659605758501 d399dc6259ca2df564e0b939abc334ffd77e41d8 Enter secret password: String for saving in database: 7abf5b2d5e0be1b5b820d2d851de05f9cc80ec91:f2a41829db8742d4a024580fcc1b6d63 Enter password again for check: my_password_as_text Sorry, password don't match
Офлайн
пароли совпадают, только если указать SHA1 от пароля, а не сам пароль:
------------------------- <<<<<<<<<Welcome>>>>>>>>> ------------------------- Username:659605758501 (659605758501, 'd399dc6259ca2df564e0b939abc334ffd77e41d8') 659605758501 d399dc6259ca2df564e0b939abc334ffd77e41d8 Enter secret password: String for saving in database: 3e2b2e4a8e2a45eb373f00e0f28ae2ac08953a05:57ad6fd53eed4e6d83241d67e45a6f94 Enter password again for check: d399dc6259ca2df564e0b939abc334ffd77e41d8 Your password is correct
Офлайн
ffrrНадо из вводимого пароля получить значение SHA1.
Как правильно сравнивать SHA1 от пароля, который записан в БД с вводимым паролем?
Офлайн
спасибо, у меня вышло таким образом:
if username == dbuser : while True: password = getpass.getpass(prompt="Enter secret password:") if (hashlib.sha1(password.encode()).hexdigest() == dbpass): print("Authentication success") break else: print("Bad password")
Офлайн