This question is based on the answer.
I would like to know how you can hash your password by SHA1 and then remove the clear-text password in a MySQL database by Python.
How can you hash your password in a MySQL database by Python?
asked Jul 25, 2009 at 21:49
Léo Léopold Hertz 준영
143k191 gold badges467 silver badges721 bronze badges
4 Answers
As the documentation says you should use hashlib library not the sha since python 2.5.
It is pretty easy to do make a hash.
hexhash = hashlib.sha512("some text").hexdigest()
This hex number will be easy to store in a database.
1 Comment
David Johnstone
Better to do
hexhash = hashlib.sha512("some text" + salt).hexdigest(), where salt is a random string generated for each password and stored in the DB along with the hash. It helps avoid rainbow table attacks.If you're storing passwords in a database, a recommended article to read is Jeff's You're Probably Storing Passwords Incorrectly. This article describes the use of salt and some of the things about storing passwords that are deceptively easy to get wrong.
Comments
http://docs.python.org/library/sha.html
The python documentation explains this a lot better than I can.
1 Comment
Buttons840
It's depreciated since Python 2.5, you should now use docs.python.org/library/hashlib.html#module-hashlib (Although, I'm sure this answer was valid when it was posted in 2009).
You don't remove the clear-text password when you hash the password. What you do is accept an input from the user, hash the input, and compare the hash of the input to the hash stored in the database. You should never store or send the plain-text password that the user has.
That said, you can use the sha library as scrager said (pre-Python 2.5) and the hashlib library as David Raznick said in newer versions of Python.
hashlib.md5tohashlib.sha512!) MD5 is dead, and anyone who doesn't know that shouldn't go anywhere near passwords.