Created
March 13, 2015 13:56
-
-
Save gcmurphy/d38506d83cfffab0be2f to your computer and use it in GitHub Desktop.
Example where things can go wrong using bcrypt in python..
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# demo of what people 'may' do.. | |
import bcrypt | |
from hashlib import sha1 | |
salt = bcrypt.gensalt() | |
def hash_password(password): | |
# as per article various mechanisms may be employed | |
# to truncate the passwords length to 72 chars | |
return bcrypt.hashpw(sha1(password).digest(), salt) | |
def main(): | |
# both these passwords begin with null byte when fed into sha1 digest | |
pw1 = 'iagOn' | |
pw2 = 'tS4UaRxIks4fn7SzEp20R8RSkPGngP8Uj5yhypDlcac9nRaxnSX' | |
a = hash_password(pw1) | |
print(a) | |
b = hash_password(pw2) | |
print(b) | |
print(a == b) | |
if __name__ == '__main__': | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment