Differences between revisions 5 and 8 (spanning 3 versions)
Revision 5 as of 2008-11-15 14:00:13
Size: 1087
Editor: localhost
Comment: converted to 1.6 markup
Revision 8 as of 2015-07-25 04:58:14
Size: 1624
Editor: RyanOHoro
Comment: Fixed broken pragma
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
Line 9: Line 8:
{{{
#!python
import md5		 {{{#!python
import hashlib
Line 15: Line 13:
print md5.new( key_string ).hexdigest() print hashlib.md5( key_string ).hexdigest()
Line 17: Line 15:
Line 20: Line 17:
The "hexdigest" form is the form you frequently find used in databases and in online forums. The "hexdigest" form is the form you frequently find used in databases and in online forums. However, using MD5 for password storage is strongly discouraged. Please see the Security section for more information.
Line 23: Line 20:

A good idea is to include a 'salt' with the hash as well, which will prevent people using a dictionary with
md5 hashes of common passwords. When you check a password, just add the salt to the front of the password and hash it.
The salt can be any random string.		 A good idea is to include a 'salt' with the hash as well, which will prevent people using a dictionary with  md5 hashes of common passwords. When you check a password, just add the salt to the front of the password and hash it. The salt can be any random string.
Line 30: Line 24:
{{{
#!python
import md5		 {{{#!python
import hashlib
Line 37: Line 30:
hash = md5.new( salt + key_string ).hexdigest() hash = hashlib.md5( salt + key_string ).hexdigest()
Line 40: Line 33:
Line 43: Line 35:
== Security ==
Use caution when utilizing hashes for passwords. MD5 is no longer considered safe for password storage. Consider instead [[https://pypi.python.org/pypi/scrypt/|scrypt]], [[https://pypi.python.org/pypi/bcrypt/|bcrypt]], or [[https://docs.python.org/3/library/hashlib.html#hashlib.pbkdf2_hmac|PBDKF2]] utilizing 100,000 rounds or more.

Reference: https://gist.github.com/tqbf/be58d2d39690c3b366ad
Line 44: Line 41:

MD5 Passwords

It's very easy to create MD5 passwords with Python-

You just:

Toggle line numbers 
   1 import hashlib
   2 
   3 key_string = raw_input( "Key to turn into an MD5 password? " )
   4 
   5 print hashlib.md5( key_string ).hexdigest()

ex: "robots" turns into "27f5e15b6af3223f1176293cd015771d"

The "hexdigest" form is the form you frequently find used in databases and in online forums. However, using MD5 for password storage is strongly discouraged. Please see the Security section for more information.

Salting

A good idea is to include a 'salt' with the hash as well, which will prevent people using a dictionary with md5 hashes of common passwords. When you check a password, just add the salt to the front of the password and hash it. The salt can be any random string.

Something like this:

Toggle line numbers 
   1 import hashlib
   2 
   3 key_string = "SecretPassword"
   4 salt = "1Ha7"
   5 
   6 hash = hashlib.md5( salt + key_string ).hexdigest()
   7 print "%s:%s" % (salt, hash) # Store these

AnthonyBriggs

Security

Use caution when utilizing hashes for passwords. MD5 is no longer considered safe for password storage. Consider instead scrypt, bcrypt, or PBDKF2 utilizing 100,000 rounds or more.

Reference: https://gist.github.com/tqbf/be58d2d39690c3b366ad

See Also

Discussion

Md5Passwords (last edited 2015-07-25 04:58:14 by RyanOHoro)

Unable to edit the page? See the FrontPage for instructions.