Web-based services and websites store hashed versions of your passwords, which means your actual password isn’t visible or stored in their database instead a string of fixed-length characters is stored.<\/p>\n\n\n\n
Hashing is a security technique used to secure your passwords or texts stored in databases. A hash function is used to generate a string of unique fixed-length characters from the provided password by the user.<\/p>\n\n\n\n
Let’s see how the hashing is done. In this article, you’ll use the bcrypt<\/a> library to hash the user’s password and then compare that hashed password to the actual password in Python. You’ll also learn more about the bcrypt library.<\/p>\n\n\n\n Open your terminal window and run the following command to install the Now that the In this section, you’ll see the functions provided by the The above code imports the The code uses the The salt is a random and unique string of characters combined with the password before hashing to provide additional security, it will always be unique, if two users have the same password, their hashed passwords will be different.<\/p>\n<\/blockquote>\n\n\n\n Then the actual password ( Finally, the actual and hashed passwords are decoded and printed.<\/p>\n\n\n\n Now that you’ve hashed the password, the next step is to verify the actual password’s hash value against the user-provided password.<\/p>\n\n\n\n The above code uses the Then the code prints the KDF<\/strong> (Key Derivation Function) is used to add additional security in password hashing. KDFs are used to derive keys from passwords for authentication purposes while including salt and the number of rounds.<\/p>\n\n\n\n The above code uses the Finally, the result stored in the The code derives the key from the user-provided password ( Then the code verifies the derived keys from the user-provided password ( The output indicates that the key derived from the user-provided password matches the key derived from the actual password.<\/p>\n\n\n\n The The above code customizes the salt generation by passing the You can notice that in the beginning after Password hashing prevents exposing the user’s actual password to the attackers. The hash function, which is simply a mathematical function is used to produce the hash value of the password.<\/p>\n\n\n\n In this article, you’ve learned to hash the user’s password using the \ud83c\udfc6Other articles you might be interested in if you liked this one<\/strong><\/p>\n\n\n\n \u2705Different methods to convert bytes into a string in Python<\/a>.<\/p>\n\n\n\n \u2705Create a WebSocket server and client in Python<\/a>.<\/p>\n\n\n\n \u2705Create multi-threaded Python programs using a threading module<\/a>.<\/p>\n\n\n\n \u2705Comparing the accuracies of 4 different pre-trained deep learning models<\/a>?<\/p>\n\n\n\n \u2705Upload and display images on the frontend using Flask<\/a>.<\/p>\n\n\n\nInstalling bcrypt<\/h2>\n\n\n\n
bcrypt<\/code> library using pip<\/em><\/strong>.<\/p>\n\n\n\npip install bcrypt<\/pre><\/div>\n\n\n\n
bcrypt<\/code> is installed in your system, the next step is to use it for hashing the user’s password.<\/p>\n\n\n\nHash Password using bcrypt<\/h2>\n\n\n\n
bcrypt<\/code> library that will help you generate salt<\/strong> and hash<\/strong> values.<\/p>\n\n\n\nimport bcrypt\n\n# Password to Hash\nmy_password = b'Sachinfromgeekpython'\n\n# Generating Salt\nsalt = bcrypt.gensalt()\n\n# Hashing Password\nhash_password = bcrypt.hashpw(\n password=my_password,\n salt=salt\n)\n\nprint(f\"Actual Password: {my_password.decode('utf-8')}\")\n# Print Hashed Password\nprint(f\"Hashed Password: {hash_password.decode('utf-8')}\")<\/pre><\/div>\n\n\n\nbcrypt<\/code> library for hashing the password. A test password is provided in bytes and is stored inside the my_password<\/code> variable.<\/p>\n\n\n\ngensalt()<\/code> function from the bcrypt<\/code> library to generate the salt, a string of characters to enhance security.<\/p>\n\n\n\n\n
my_password<\/code>) and salt (salt<\/code>) are passed to the hashpw()<\/code> function from the bcrypt<\/code> library to produce the hash value of the actual password.<\/p>\n\n\n\nActual Password: Sachinfromgeekpython\nHashed Password: $2b$12$RF6JLXecIE4qujuPgTwkC.GN2BsOmGf8Ji10LyquoBaHkHWUWgiAm<\/pre><\/div>\n\n\n\n
Check Password using bcrypt<\/h2>\n\n\n\n
import bcrypt\n\n# Password to Hash\nmy_password = b'Sachinfromgeekpython'\n\n# Generating Salt\nsalt = bcrypt.gensalt()\n\n# Hashing Password\nhash_password = bcrypt.hashpw(\n password=my_password,\n salt=salt\n)\n\n# User-provided Password\nuser_password = b'Sachinfromgeekpython'\n\n# Checking Password\ncheck = bcrypt.checkpw(\n password=user_password,\n hashed_password=hash_password\n)\n\n# This will print True or False\nprint(check)\n\n# Verifying the Password\nif check:\n print(\"Welcome to GeekPython.\")\nelse:\n print(\"Invalid Credential.\")<\/pre><\/div>\n\n\n\n
checkpw()<\/code> function from the bcrypt<\/code> library to check the user-provided password against the hashed password. The hashed password (hash_password<\/code>) and user-provided password (user_password<\/code>) are passed inside the function and the result is stored inside the check<\/code> variable.<\/p>\n\n\n\ncheck<\/code> variable to obtain the result. In the end, an if-else<\/code> statement is used to verify the password.<\/p>\n\n\n\nTrue\nWelcome to GeekPython.<\/pre><\/div>\n\n\n\n
True<\/code> in the output above indicates that the hashed password matches the user-provided password, making the first condition true.<\/p>\n\n\n\nHash Password Using KDF (Key Derivation Function)<\/h2>\n\n\n\n
import bcrypt\n\npassword = b'Sachinfromgeekpython'\nsalt = bcrypt.gensalt()\n\n# Using KDF from bcrypt Lib\nkey = bcrypt.kdf(\n password=password,\n salt=salt,\n desired_key_bytes=32,\n rounds=200\n)\n\n# Print Generated Key\nprint(f\"Key: {key}\")<\/pre><\/div>\n\n\n\nkdf()<\/code> function from the bcrypt<\/code> library to derive a key from the password. The function is passed with four parameters:<\/p>\n\n\n\n\n
password<\/code>: This parameter is set to the password<\/code> variable which contains a byte string.<\/li>\n\n\n\nsalt<\/code>: This parameter is set to the salt<\/code> variable that contains a unique and fixed-length salt.<\/li>\n\n\n\ndesired_key_bytes<\/code>: This parameter is set to 32<\/code> which is the desired length of the derived key we want. You can set it to your own desired length.<\/li>\n\n\n\nrounds<\/code>: This parameter is set to 200<\/code> which is the number of iterations to make the derivation of the key more computationally intense to increase security. The higher the rounds more the security but the more it uses resources and time.<\/li>\n<\/ul>\n\n\n\nkey<\/code> variable is printed.<\/p>\n\n\n\nKey: b'\\xc4#VW\\x9a\\x16\\xdbG?\\x11\\xa9\\xf7\\xbd\\x88\"7+zxo\\xfe@\\xce\\xab\\x89\\xc3g\\x1c\\xec~\\xbe\\xf7'<\/pre><\/div>\n\n\n\n
Verifying the Password with KDF<\/h2>\n\n\n\n
import bcrypt\n\npassword = b'Sachinfromgeekpython'\nsalt = bcrypt.gensalt()\n\n# Using KDF from bcrypt Lib\nkey = bcrypt.kdf(\n password=password,\n salt=salt,\n desired_key_bytes=32,\n rounds=200\n)\n\n# User-provided Password\nuser_password = b'Sachinfromgeekpython'\n\n# Deriving Key from User-provided Password\nuser_key = bcrypt.kdf(\n password=user_password,\n salt=salt,\n desired_key_bytes=32,\n rounds=200\n)\n\n# Verifying the Password\nif user_key == key:\n print(\"Welcome to GeekPython.\")\nelse:\n print(\"Invalid Credential.\")<\/pre><\/div>\n\n\n\n
user_password<\/code>) and stores it inside the user_key<\/code> variable.<\/p>\n\n\n\nuser_key<\/code>) and the actual password (password<\/code>).<\/p>\n\n\n\nWelcome to GeekPython.<\/pre><\/div>\n\n\n\n
Customizing Salt<\/h2>\n\n\n\n
gensalt()<\/code> function accepts two parameters: rounds<\/code> and prefix<\/code>, which allow you to customize the number of rounds of hashing to apply to the salt and prefix of the salt.<\/p>\n\n\n\nimport bcrypt\n\n# Customize Salt\nsalt = bcrypt.gensalt(\n rounds=30,\n prefix=b'2a'\n)\n\n# Print Generated Salt\nprint(salt.decode('utf-8'))<\/pre><\/div>\n\n\n\nrounds<\/code> parameter which is set to 30<\/code> and the prefix<\/code> parameter which is set to b'2a'<\/code> to the gensalt()<\/code> function.<\/p>\n\n\n\n$2a$30$5uKaXaXVceqCjmKkPf2mnu<\/pre><\/div>\n\n\n\n
$<\/code>, above provided 2a<\/code> is prefixed, and just after that 30<\/code> indicates the number of rounds.<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n
bcrypt<\/code> library in Python and then check the produced hash value against the user-provided password. Additionally, you’ve seen the KDF<\/strong> (Key Derivation Function) that adds additional security for hashing.<\/p>\n\n\n\n
\n\n\n\n