当前位置:网站首页>A little thought about password encryption

A little thought about password encryption

2022-08-02 14:21:00 Spaghetti Mixed with No. 42 Concrete

A little thought on password encryption

How in the case that the database is leaked by the hijacking code,The user password will still not be cracked

With this question in mind, I wrote some code

from hashlib import sha256, sha512

test_pwd = 'testpassword123'


class CipherHandler(object):
    """ Password encryption and password comparison """
    # 密码盐
    salt = "cvbjd%*vfjkse#fuei"

    @classmethod
    def encrypt(cls, pwd: str) -> str:
        """ Randomly add salt first,use it twicesha256/sha512加密 :return: """
        import random
        randnum = random.randint(1, 3)
        if randnum == 1:
            salt_pwd = ''.join([cls.salt, pwd])
            return cls._encryption(salt_pwd)

        elif randnum == 2:
            salt_pwd = ''.join([pwd, cls.salt])
            return cls._encryption(salt_pwd)

        elif randnum == 3:
            pwd_list = list(pwd)
            pwd_list.insert(randnum, cls.salt)
            salt_pwd = ''.join(pwd_list)

            return cls._encryption(salt_pwd)

    @classmethod
    def compare(cls, user_input_pwd: str,
                database_storage_pwd: str
                ) -> bool:
        """ 加密比对 :return: """
        pwd_list = []

        salt_pwd_one = ''.join([cls.salt, user_input_pwd])
        pwd_list.append(cls._encryption(salt_pwd_one))

        salt_pwd_two = ''.join([user_input_pwd, cls.salt])
        pwd_list.append(cls._encryption(salt_pwd_two))

        str_list = list(user_input_pwd)
        str_list.insert(3, cls.salt)
        salt_pwd_three = ''.join(str_list)
        pwd_list.append(cls._encryption(salt_pwd_three))

        if database_storage_pwd not in pwd_list:
            return False
        return True

    @classmethod
    def _encryption(cls, salt_pwd: str) -> str:
        one_encryption = sha512((salt_pwd).encode('utf-8')).hexdigest()
        enc_pwd = sha512((one_encryption).encode('utf-8')).hexdigest()
        return enc_pwd


# 加密
print(CipherHandler.encrypt(test_pwd))

# 校验比对
print(CipherHandler.compare(test_pwd,'32b5b701ece1747eb90935fa55fe96983126a9683dbb1a537750fe5527eb3552ce13d31e2d2fad07fd8fe755794973221404e3a528dfa74ff0aff93e8b6745c6'))
原网站

版权声明
本文为[Spaghetti Mixed with No. 42 Concrete]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/214/202208021400450696.html

边栏推荐

猜你喜欢

随机推荐