1

As I said in the title, I want the password to be hashed when it is saved. Is it possible with this?

    def __OnClickSaveLoginButton(self):
        id = self.idEditLine.GetText()
        pwd = self.pwdEditLine.GetText()
        if (len(id) == 0 or len(pwd) == 0):
            self.PopupNotifyMessage("ID and Password required",self.SetIDEditLineFocus)
            return
        # The ID and password are written to account.cfg as plain text here
        file_object  = open("account.cfg", "w")
        file_object.write(id+"\n"+pwd)
        self.PopupNotifyMessage("Saved.",self.SetIDEditLineFocus)
        file_object.close()

2 Answers

1

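You'll want to use the Python hashlib. An example could look something like this:

    import hashlib

    def valid_password(userid, password):
        # get_user() is the application's own lookup; user.hash holds the stored hex digest
        user = get_user(userid)
        # hashlib operates on bytes, so encode the password before hashing
        pw_hash = hashlib.sha256(password.encode("utf-8")).hexdigest()
        if user.hash == pw_hash:
            return True
        return False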

Also I recommend reviewing some password storage best practices noted in this SO

Edit: I used sha256 in this example, but that is more useful as a message digest. A better use would be hashlib.pbkdf2_hmac or another key derivation function. There is a good write-up here.

rsiemens
1

If you're going to hash passwords in Python, as nudies mentioned, hashlib.pbkdf2_hmac is correct.

If you want to save the result in Base64, that's a reasonable option, as it turns it into a character string.

Just remember you also have to store the salt and the number of iterations; choose as high a number of iterations as your CPU can stand.

DO NOT request more bytes of output than the native hash function can support; for instance, PBKDF2-HMAC-SHA-512 caps out at 64 bytes for password hashing; the others less.

I have a fully working example at my GitHub repository, including test vectors for all the normal SHA variants, of which the core piece is

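    import argparse,hashlib,base64,timeit
    # args is assumed to be the parsed argparse result; password and salt must be bytes
    BinaryOutput = hashlib.pbkdf2_hmac('sha512',args.password, args.salt, args.iterations, args.outputBytes)
    # bytes.encode('base64') exists only on Python 2; base64.b64encode works on Python 2 and 3
    Base64Output = base64.b64encode(BinaryOutput)

Anti-weakpasswords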
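
One way to combine the advice in both answers (PBKDF2 with a per-password random salt, the salt and iteration count stored next to the Base64 hash, output no longer than the digest size), as an added example that is not from either answer or the linked repository. The record format, the function names and the 600,000 iteration default are assumptions.

```python
import base64
import hashlib
import hmac
import os

ALGORITHM = "sha512"
ITERATIONS = 600_000  # assumed default; raise it as far as your CPU can stand
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha512$iterations$salt_b64$hash_b64' for storage."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    # Ask for exactly the digest size (64 bytes for SHA-512), never more.
    dklen = hashlib.new(ALGORITHM).digest_size
    derived = hashlib.pbkdf2_hmac(
        ALGORITHM, password.encode("utf-8"), salt, iterations, dklen)
    return "$".join([
        "pbkdf2_" + ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(derived).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt and iteration count."""
    try:
        scheme, iterations, salt_b64, hash_b64 = stored.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:  # wrong field count, bad integer or bad Base64
        return False
    if scheme != "pbkdf2_" + ALGORITHM or iterations < 1 or not expected:
        return False
    candidate = hashlib.pbkdf2_hmac(
        ALGORITHM, password.encode("utf-8"), salt, iterations, len(expected))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)
```

Because the iteration count travels with each record, it can be raised later without invalidating hashes that were stored with the old value.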