Is it better to save/insert the hashed string in database table before saving the password?
import bcrypt

hashedstring = bcrypt.gensalt()
password = bcrypt.hashpw(password,hashedstring)

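Should I save the hashedstring in a database table field each time, so that I can log in later?

Or should I use a static, pre-generated hashedstring in the code?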

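Best answer

The salt you use to hash the password is stored in the resulting hash, which means there is no need to store it in the database, as it can be recovered from the hash.

According to the project page, it can be done like this: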

# Store a hash.
import bcrypt
# password must be bytes, for example text.encode("utf-8").
hashed = bcrypt.hashpw(password, bcrypt.gensalt())
store_in_db(user, hashed)  # user is the user to store the hash for; store_in_db does what it says on the tin.

# Check against an existing hash
import bcrypt
hashed = load_from_db(user)  # Get the stored hash of the user from the database; load_from_db does what it says on the tin.
# checkpw reads the salt from the stored hash and compares in constant time.
if bcrypt.checkpw(password, hashed):  # password is a plaintext password attempt (bytes).
    print("It matches")
else:
    print("It does not match")

Yes, you should use a different salt for each password, and bcrypt's design encourages this.

Other answers

Short answer: Use a new salt for each password. (EDIT: with bcrypt you needn't store the salt separately)

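Imagine an attacker obtains the password database from a website. If all passwords are hashed with a common salt, the attacker can easily find the people who use common passwords:

hashedpwd = somehash('swordfish' + salt)

Then a single database query is all it takes to find everyone who uses swordfish as their password. There are always some users with fairly common passwords.

On the other hand, if every password has its own salt and the database holds 1 million passwords, the attacker must compute 1 million hashes to check just one password, which is much more secure.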
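
The difference between a shared salt and per-password salts, as an added example that is not part of the original answers. It uses PBKDF2 from Python's standard library as a stand-in for somehash (not bcrypt); the function names, the salt$digest storage format and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 100_000  # demo work factor (assumption); tune for production

def somehash(password: bytes, salt: bytes) -> str:
    # Stand-in for the answer's somehash(): PBKDF2-HMAC-SHA256, not bcrypt.
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS).hex()

def hash_shared(password: bytes, shared_salt: bytes) -> str:
    # Weak scheme: every account uses the same salt.
    return somehash(password, shared_salt)

def hash_unique(password: bytes) -> str:
    # Fresh random salt per password, stored in the same string as the
    # digest (bcrypt also embeds the salt in its output).
    salt = os.urandom(16)
    return salt.hex() + "$" + somehash(password, salt)

def verify(password: bytes, stored: str) -> bool:
    # Recover the salt from the stored value, recompute, compare in constant time.
    salt_hex, digest = stored.split("$", 1)
    candidate = somehash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, digest)

def accounts_sharing_a_hash(table: dict) -> int:
    # Audit check: how many accounts have a stored value identical to another's?
    counts = Counter(table.values())
    return sum(n for n in counts.values() if n > 1)

# Constructed sample accounts (not real data).
USERS = {"alice": b"swordfish", "bob": b"swordfish",
         "carol": b"correct horse", "dave": b"swordfish"}
SHARED_SALT = b"constructed-static-salt"

shared_table = {u: hash_shared(p, SHARED_SALT) for u, p in USERS.items()}
unique_table = {u: hash_unique(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print("shared salt, accounts with a duplicate hash:",
          accounts_sharing_a_hash(shared_table))
    print("unique salts, accounts with a duplicate hash:",
          accounts_sharing_a_hash(unique_table))
    print("alice logs in:", verify(b"swordfish", unique_table["alice"]))
```

With the shared salt, identical passwords are visible as identical rows in the table; with per-password salts no two rows match, yet each login still verifies because the salt travels with the digest.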




