关于密码加密的一点思路

关于密码加密的一点思路

如何在数据库被劫持代码泄露的情况下，用户密码依然不会被破解呢

带着这个问题我书写了一下代码

from hashlib import sha256, sha512

test_pwd = 'testpassword123'


class CipherHandler(object):
    """ 密码加密与密码比对 """
    # 密码盐
    salt = "cvbjd%*vfjkse#fuei"

    @classmethod
    def encrypt(cls, pwd: str) -> str:
        """ 先随机加盐，再用两次sha256/sha512加密 :return: """
        import random
        randnum = random.randint(1, 3)
        if randnum == 1:
            salt_pwd = ''.join([cls.salt, pwd])
            return cls._encryption(salt_pwd)

        elif randnum == 2:
            salt_pwd = ''.join([pwd, cls.salt])
            return cls._encryption(salt_pwd)

        elif randnum == 3:
            pwd_list = list(pwd)
            pwd_list.insert(randnum, cls.salt)
            salt_pwd = ''.join(pwd_list)

            return cls._encryption(salt_pwd)

    @classmethod
    def compare(cls, user_input_pwd: str,
                database_storage_pwd: str
                ) -> bool:
        """ 加密比对 :return: """
        pwd_list = []

        salt_pwd_one = ''.join([cls.salt, user_input_pwd])
        pwd_list.append(cls._encryption(salt_pwd_one))

        salt_pwd_two = ''.join([user_input_pwd, cls.salt])
        pwd_list.append(cls._encryption(salt_pwd_two))

        str_list = list(user_input_pwd)
        str_list.insert(3, cls.salt)
        salt_pwd_three = ''.join(str_list)
        pwd_list.append(cls._encryption(salt_pwd_three))

        if database_storage_pwd not in pwd_list:
            return False
        return True

    @classmethod
    def _encryption(cls, salt_pwd: str) -> str:
        one_encryption = sha512((salt_pwd).encode('utf-8')).hexdigest()
        enc_pwd = sha512((one_encryption).encode('utf-8')).hexdigest()
        return enc_pwd


# 加密
print(CipherHandler.encrypt(test_pwd))

# 校验比对
print(CipherHandler.compare(test_pwd,'32b5b701ece1747eb90935fa55fe96983126a9683dbb1a537750fe5527eb3552ce13d31e2d2fad07fd8fe755794973221404e3a528dfa74ff0aff93e8b6745c6'))