Python Password Hashing (Bcrypt)

-


A hash is designed to act as ”one-way-function” making it easy to perform but very hard to reverse. The reason why this is so beneficial when it comes to password managing and login handling, is because it allows the developers to convert the original password into a unique phrase that can be stored in the database. By using a hash function the application don’t have to match the original password in clear text with the password given upon login as it does not know what that password is. Instead it only need to know what hashing function where used and then see if the password entered generates the same hash value as the one saved in the database. This little trick provides the same login functionality as when all passwords were in clear text but the difference here is that now it’s only the user who knows exactly what the password is.

Is Hashing flawless?

However this technique is not flawless, as nothing is really secure when it comes to Information Security. Since the hashing algorithms are publicly known hackers can utilize them as well, meaning that they can pre generate a large file of popular passwords from previous leaks or they can simple just brute force all possible combinations given that they have unlimited time and computer resources. This is possible as they get the exact same hash value as any system using the same hashing function, allowing them to save the value next to the password in clear text.


This means that if someone manage to access the database and retrieve the stored hash values they can do a quick search in their own file for a similar hash value and read the original password used to generate it. A different approach has therefore been utilized on top of the original Hashing approach to counter this flaw.

Hashing + salt

As a hashing function generates a nearly unique value for a given sentence (Duplicates has been seen for some hashing algorithms, making them depreciated) you can alter the output by adding just a single change in the original input. This addition is referenced to as a salt value as it is a extra value that is put on top of the original input. By doing so hashing values stored in the database becomes altered and can no longer be pre computed unless the exact same salt value is used.    


With this basic introduction to Hashing and Salt values its time to see how such can be coded within the programming language Python. For this example the hashing function Bcrypt is used.

import bcrypt


passwordToHash = b'Thomas123'
enteredPassword = b'Thomas123'

hashedPassword = bcrypt.hashpw(passwordToHash, bcrypt.gensalt(10))


if bcrypt.checkpw(enteredPassword, hashedPassword):
    print('Password Match')
else:
    print('Password does not match')


print(hashedPassword)

Using the above Python code, its possible to Hash a password with a salt value and then make a quick check for wether the entered password matches the hashed one. The output of the above code is:

Password Match
b'$2b$10$ZVJzDIUKm6vQQgJzUhKuAeUhLvkuNTBQopf.r9grHEYCdf8Gr2Ude'

The first line comes from the conditional statement where the password is evaluated to match, the second line comes from the print statement where the hashed password is printed as an example.

Kommentarer

Send en kommentar

Populære opslag fra denne blog

Artificial Intelligence - How it could lead to a greener and healthier world

-
Billede
This article is inspired by:  https://blogs.ei.columbia.edu/2018/06/05/artificial-intelligence-climate-environment/ One of the most discussed topics of this decade is without doubt global warming and how the climate changes are impacting our way of life. The general tempature is rising and the weather is getting more extreme. Its therefore vital that we find the most effecient solutions within the next decades if we are to save the next generations from living with the mistakes of the past. Many solutions do already exists to decrease the overall consumption of oil and gas, however most of these are either very expensive to implement or require us to rethink our daily habits. It's therefore important that we are as effecient as possible when it comes to managing the impact of climate changes and implementing countering solutions. To achieve such a new tool has been presented which we are only starting the see the real possibilties of namly Artifical Intelligence.  To ...
Læs mere

REST API (Web API) Part 2 - Security

-
Billede
This post is part 2 in the series of REST API's using spring and spring boot. If you have not yet read part 1, then please do so in order to follow along the steps in this tutorial. However if you only wish to obtain the information about API Security and have no interest in building a rest service yourself using JAVA then feel free to read along. In order to secure a REST API or anything else for that matter, we need to have a formal understanding of what security is within this context. This tutorial will focus on security centered around Authentication and Authorization as this is what we are going to center our implementation around. Authentication Authentication is the act of proving the identity of who we are. So when someone is trying to access our REST API, we want to ensure that the caller can be identified and thereby only allow trusted users to access the service. The most basic way of authentication is by using a User/password approach which works if we trust tha...
Læs mere

Uber Technology Stack

-
Billede
The Content of this blog post is based on:  https://eng.uber.com/tech-stack-part-one/ Almost everyone in the western world is familiar with the app called Uber. Uber is without doubt the most popular service of reliable transportation. By focusing entirely on mobile platforms they are a so called next generation company, which takes advantages of how a simple application build up around a strong inovative idea can make an impact on millions of people around the world. However a good idea and a great UI can't stand alone, especially not when dealing with such a large user base. In this blog post we will try break down the technology stack used in Uber. As Ubers user base has grown with such a rapid speed, they now face similar global scaling problems as some of the most successful software companies. The infrastructure and storage of Uber has therefore changed since their first launch and will most likely conteniue to do so as new solutions is found to optimize todays stand...
Læs mere