如何使用bcrypt将纯文本密码与哈希密码进行比较? [英] How to compare plain text password to hashed password using bcrypt?

问题描述

我想使用bcrypt对密码进行哈希处理，然后再验证所提供的密码是否正确.

I would like to use bcrypt to hash passwords and later verify if a supplied password is correct.

哈希密码很简单:

import bcrypt

password = u'foobar'
password_hashed = bcrypt.hashpw(password, bcrypt.gensalt())

# then store password_hashed in a database

如何将纯文本密码与存储的哈希值进行比较?

How can I compare a plain text password to the stored hash?

推荐答案

使用py-bcrypt，您无需单独存储盐:bcrypt将盐存储在哈希中.

With py-bcrypt, you don't need to store the salt separately: bcrypt stores the salt in the hash.

您可以简单地将哈希用作盐，盐将存储在哈希的开头.

You can simply use the hash as a salt, and the salt is stored in the beginning of the hash.

>>> import bcrypt
>>> salt = bcrypt.gensalt()
>>> hashed = bcrypt.hashpw('secret', salt)
>>> hashed.find(salt)
0
>>> hashed == bcrypt.hashpw('secret', hashed)
True
>>>

这篇关于如何使用bcrypt将纯文本密码与哈希密码进行比较?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！