0

I am creating a dice game and want to introduce password hashing and user is required to enter their username and password. I am new to hashing and I tried this:

from getpass import getpass
from hashlib import pbkdf2_hmac as pwhash

def login(users):
    username = input('please enter username: ')
    if username not in users:
        print("access denied")
        exit()

    password_hash = None
    while password_hash != users[username]:
        password_hash = pwhash("sha256", getpass().encode("ascii"), b"t4h20p8g24j", 100000)

    print("access granted")
    return username
login(users)

I then received the following message on console: 

GetPassWarning: Can not control echo on the terminal.

so I tried a different ide (went from idle to intellij pycharm) yet the same issue still came about.

I saw other questions but an environment where stdin, stdout and stderr are connected to /dev/tty, or another PTY-compliant device. doesn't really make sense to me I tried to comment but I need more rep. Also I'm running on PyCharm not idle

Krishna
  • 25
  • 1
  • 11
  • Possible duplicate of ["GetPassWarning: Can not control echo on the terminal" when running from IDLE](https://stackoverflow.com/questions/38878741/getpasswarning-can-not-control-echo-on-the-terminal-when-running-from-idle) – Thierry Lathuille Jan 26 '19 at 12:28
  • I tried to comment on that for a bit more clarification but it says I need more reputation – Krishna Jan 26 '19 at 12:30
  • Then you should refer to that question in yours, and explain how exactly it doesn't answer your problem. Also, try to create a [mcve] when asking questions: the whole hashing/users part in your current question is irrelevant if your question is only about using `getpass`. – Thierry Lathuille Jan 26 '19 at 12:35
  • In short: don't try to use your script from PyCharm, but use a real terminal. – Thierry Lathuille Jan 26 '19 at 12:36

1 Answers1

0

The input was echoed because the while loop never exited as the condition was not met: the password in the dictionary was stored as plain text just needed to hash the values in the dictionary.

def check_password(hashed_password, user_password):
    password, salt = hashed_password.split(':')
    return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()
Krishna
  • 25
  • 1
  • 11