[转]Flask加盐密码生成和验证函数 - digwtx's Blog
[转]Flask加盐密码生成和验证函数
本文介绍Flask密码生成和密码验证的一种通用方法。所使用的函数为Flask框架内
置的函数:generate_password_hash, check_password_hash。
密码加密简介
密码存储的主要形式:
- 明文存储:肉眼就可以识别,没有任何安全性。
- 加密存储:通过一定的变换形式,使得密码原文不易被识别。
密码加密的几类方式:
-
明文转码加密:BASE64, 7BIT等,这种方式只是个障眼法,不是真正的加密。
-
对称算法加密:DES, RSA等。
-
签名算法加密:也可以理解为单向哈希加密,比如MD5, SHA1等。加密算法固定,容
易被暴力破解。如果密码相同,得到的哈希值是一样的。 -
加盐哈希加密:加密时混入一段“随机”字符串(盐值)再进行哈希加密。即使
密码相同,如果盐值不同,那么哈希值也是不一样的。现在网站开发中主要是运
用这种加密方法。
密码生成函数:generate_password_hash
函数定义:
werkzeug.security.generate_password_hash(password, method='pbkdf2:sha1', salt_length=8)
generate_password_hash是一个密码加盐哈希函数,生成的哈希值可通过
check_password_hash()进行验证。
哈希之后的哈希字符串格式是这样的:
method$salt$hash
参数说明:
-
password: 明文密码 -
method: 哈希的方式(需要是hashlib库支持的),格式为
pbpdf2:<method>[:iterations]。参数说明:-
method:哈希的方式,一般为SHA1, -
iterations:(可选参数)迭代次数,默认为1000。
-
-
slat_length: 盐值的长度,默认为8。
密码生成示例:
>>> from werkzeug.security import generate_password_hash
>>> print generate_password_hash('123456')
'pbkdf2:sha1:1000$X97hPa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370'
因为盐值是随机的,所以就算是相同的密码,生成的哈希值也不会是一样的。
密码验证函数:check_password_hash
函数定义:
werkzeug.security.check_password_hash(pwhash, password)
check_password_hash函数用于验证经过generate_password_hash哈希的密码
。若密码匹配,则返回真,否则返回假。
参数:
-
pwhash:generate_password_hash生成的哈希字符串 -
password: 需要验证的明文密码
密码验证示例:
>>> from werkzeug.security import check_password_hash
>>> pwhash = 'pbkdf2:sha1:1000$X97hPa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370'
>>> print check_password_hash(pwhash, '123456')
True
小结
上面就是密码生成和验证的方法,一般来说,默认的加密强度已经足够了,如果需
要更复杂的密码,可以加大盐值长度和迭代次数。
2019年6月21日 13:20
everyone has one funny friend if you also have that type of friend and you want to share friendship whatsapp status here you can download all type free vidoe status
2022年8月20日 02:54
Netflix Student Discount | Only 5 steps to Redeem It For Free 2021. Netflix has no such student discounts. So if you are on a very tight budget, you may want to consider signing up for the trial period. netflix student discount Request Netflix student discount. Sorry, Netflix isn't offering a student discount through Student Beans right now. Register now netflix student account
2022年9月11日 13:15
Welcome to Drift Boss, an exciting and difficult online racing game that tests a player's logical thinking. With precise time, the players maneuver an automobile through an unending, winding road while avoiding falling into the outer emptiness.
Not only must you drive closer to the finish line than your opponent to win this game, but you must also show inventiveness in your performance
2022年9月26日 15:45
只对密码进行md5加密很容易反推出来,另外两个用户的密码相同时,trap the cat 数据库保存相同的密码,trap the cat 知道一个用户的密码就知道另一个。
2022年10月05日 15:06
We all have that one buddy that always makes us laugh, and if you're looking for a way to express your own <a href="https://fivenightsatfreddys.online">five nights at freddy's</a> sense of humor to your pals on WhatsApp, you can get free video statuses of every kind right here.
2022年10月05日 15:07
<a href="https://www.google.com/">google</a>
[URL=https://www.google.com/]google[/URL]
[url=https://www.google.com/]google[/url]
https://www.google.com
[google](https://www.google.com/)
2022年10月05日 15:09
google
2022年10月21日 09:33
I've lost count of how many times I've played the incredible mario games, yet it never gets old.
2022年10月21日 18:19
Amazing
2022年11月18日 11:11
Hello friend. Really happy to be here!
2022年11月30日 11:19
Great information
2022年12月01日 17:41
Located on both the California and Nevada sides of the border, the Sierra Nevada mountains are a popular tourist <a href="https://drifthunters2.io">drift hunters</a> destination. Hotels in Lake Tahoe may be found all over the place due to the lake's popularity, but it's important to bear in mind that there are two separate sides.
2022年12月29日 16:43
This is an unimaginable strategy of basic info for me. A shared appreciation pledge
2023年1月04日 10:12
It is so easy to find your way around the website.
2023年4月04日 09:55
werkzeug.security.check_password_hash(pwhash, password)
check_password_hash函数用于验证经过generate_password_hash哈希的密码 。若密码匹配,则返回真,否则返回假。
2023年5月25日 11:44
Can I share it?
2023年6月01日 14:43
This post is very cool! Thank you for sharing the knowledge! In case you are interested in the celeb height wiki information and news, it's our pleasure to have you visit our website.
2023年6月07日 17:12
this is an unfathomable approach to acquiring such fundamental knowledge. An expression of mutual gratitude
2023年9月21日 16:28
Thank you for sharing the knowledge! In case you are interested
2023年10月26日 12:39
At any time and at one's own pace, mini crossword puzzles can be relished. Depending on an individual's preferences and availability, they can be played in short intervals or for extended durations.
2023年11月16日 19:31
It was a really helpful and very informative blog. It really helps me a lot but if you want to also learn something new and interesting.
2023年12月07日 15:24
Unlock exclusive and extraordinary collections of racing cars
Anticipate to experience the exhilaration of high-speed racing! Launch Garena Speed Drifters immediately to demonstrate your prowess behind the wheel.
2023年12月07日 15:37
Good article @drift boss
2023年12月13日 17:33
Please let me know if you are interested in the information I have shared with you.
2024年1月10日 13:34
Pavzi.com provides all the news about Gadgets, the Economy, Technology, Business, Finance and many more. The main concept or our aim behind this website has been the will to provide resources with full information on each topic which can be accessed through the Internet. To ensure that every reader gets what is important and worthy about the topic they search and link to hear from us. pavzi.com Our site is a multiple Niche or category website which will ensure to provide information and resources on each and every topic. Some of the evergreen topics you will see on our website are Career, Job Recruitment, Educational, Technology, Reviews and others. We are targeting mostly so it is true that Tech, Finance, and Product Reviews. The only reason we have started this website is to make this site the need for your daily search use.