Created
November 13, 2013 01:01
Step-through of password hashing code in Plinth using passlib's bcrypt.
https://github.com/NickDaly/Plinth/pull/52/files

>>> from passlib.hash import bcrypt   # passlib's bcrypt handler, as used in Plinth's auth.py

Storing the password (add_user function in modules/installed/lib/auth.py):

>>> passphrase = "secretpassword"
>>> pass_hash = bcrypt.encrypt(passphrase)   # a fresh random salt is generated on every call
>>> pass_hash
'$2a$12$cGf.hqxlyfTJk7HtyhAtDu48gazW1W8rJZt9choiP9/7Rff18yQeW'
# 2a is the identifying prefix
# 12 is the number of rounds (default value)
# The next 22 characters after the $ are the salt.
# The final 31 characters are the checksum.
>>> salt = pass_hash[7:29]   # skip the 7-character "$2a$12$" prefix, take the 22-character salt
>>> salt
'cGf.hqxlyfTJk7HtyhAtDu'

Checking the password (check_credentials function in modules/installed/lib/auth.py):

>>> pass_hash = bcrypt.encrypt(passphrase, salt=salt)
>>> pass_hash
'$2a$12$cGf.hqxlyfTJk7HtyhAtDu48gazW1W8rJZt9choiP9/7Rff18yQeW'
# As long as we use the same passphrase and salt, this will match the pass_hash above.
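The slicing above (pass_hash[7:29]) assumes the stored value is a well-formed bcrypt hash. As an added example (not part of the gist or of Plinth), the parser below validates the $ident$rounds$salt+checksum layout before extracting the salt, and the check re-encrypts through a caller-supplied function standing in for bcrypt.encrypt(passphrase, salt=salt) so it runs without passlib installed; the sample hash is the one from the gist.

```python
import hmac
import re

# Sample hash copied from the gist above (passphrase "secretpassword").
SAMPLE_HASH = "$2a$12$cGf.hqxlyfTJk7HtyhAtDu48gazW1W8rJZt9choiP9/7Rff18yQeW"

# bcrypt modular-crypt layout: $<ident>$<2-digit cost>$<22-char salt><31-char checksum>
# bcrypt uses its own base64 alphabet (./A-Za-z0-9), not the standard one.
_BCRYPT_HASH_RE = re.compile(
    r"^\$(?P<ident>2[abxy]?)\$(?P<rounds>\d{2})\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<checksum>[./A-Za-z0-9]{31})$"
)


def parse_bcrypt_hash(pass_hash):
    """Split a bcrypt hash into ident, rounds (int), salt and checksum.

    Raises ValueError for anything that is not a well-formed bcrypt hash,
    which is safer than blind slicing when the stored value might be empty,
    truncated, or produced by a different scheme.
    """
    m = _BCRYPT_HASH_RE.match(pass_hash or "")
    if m is None:
        raise ValueError("not a bcrypt hash")
    rounds = int(m.group("rounds"))
    if not 4 <= rounds <= 31:  # valid bcrypt cost range
        raise ValueError("bcrypt cost out of range: %d" % rounds)
    return {"ident": m.group("ident"), "rounds": rounds,
            "salt": m.group("salt"), "checksum": m.group("checksum")}


def hashes_match(stored_hash, recomputed_hash):
    """Constant-time comparison of the stored and re-encrypted hashes.

    The gist compares the two strings with ==; compare_digest avoids
    leaking, through timing, how many leading characters agree.
    """
    return hmac.compare_digest(stored_hash.encode(), recomputed_hash.encode())


def check_credentials(stored_hash, passphrase, encrypt_with_salt):
    """Mirror the gist's check: re-encrypt with the stored salt, then compare.

    encrypt_with_salt(passphrase, salt) is a hypothetical stand-in for
    passlib's bcrypt.encrypt(passphrase, salt=salt).
    """
    fields = parse_bcrypt_hash(stored_hash)
    recomputed = encrypt_with_salt(passphrase, fields["salt"])
    return hashes_match(stored_hash, recomputed)
```

With passlib available, pass `lambda p, s: bcrypt.encrypt(p, salt=s)` as `encrypt_with_salt` to reproduce the gist's check exactly.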