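sha256_crypt.encrypt always returns a different hash

I am developing a web app using Python and Flask. It has a user system and, of course, a registration form. I am using passlib.hash.sha256 to encrypt the passwords of the users who register. Here is what I am doing: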
from passlib.hash import sha256_crypt as sha256
[...]
if request.method == "POST" and form.validate():
    username = request.form['username']
    password = request.form['password']
    confirm_password = request.form['confirm_password']
    email = request.form['email']
    password = sha256.encrypt(password) #Encryption.
    c, conn = connection('accounts') #Connection to the database
    x = c.execute("SELECT * FROM accounts WHERE username = '%s' OR email = '%s'" %(thwart(username), thwart(email)))
    if x:
        flash("We are very sorry, but this Username/Email-address is already taken. Please try again")
    else:
        c.execute('INSERT INTO accounts VALUES ("%s", "%s", "%s")' %(thwart(username), thwart(password), thwart(email)))
        conn.commit()
        flash('Succesfully Registered!')
In the database, the hash always changes, even when the same password is entered. Does anyone know why? What am I doing wrong?
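You have discovered the concept of a salt: https://en.wikipedia.org/wiki/Salt_(cryptography). Are you sure you are qualified enough to handle authentication? –
What do you mean by "qualified"? – MisterMM23
I see. But I did not write any code that adds random data. Is this a new feature of Python's sha256? – MisterMM23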
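
Added example, not part of the original question or its comments: a salted hash differs on every call, so a login is checked by re-deriving the digest with the salt stored inside the saved hash, not by hashing again and comparing strings. It uses the standard library's PBKDF2 and an in-memory SQLite table with parameterized queries in place of passlib and the question's database; the helper names and the `rounds$salt$digest` storage format are assumptions of this example. With passlib the equivalent check is `sha256_crypt.verify(password, stored_hash)`.

```python
import hashlib
import hmac
import os
import sqlite3

ROUNDS = 100_000  # constructed work factor for this example


def hash_password(password, salt=None):
    """Return 'rounds$salt_hex$digest_hex'; a fresh random salt is drawn per call."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return f"{ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Re-derive the digest with the salt kept in `stored`; constant-time compare."""
    rounds, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)


def register(conn, username, password, email):
    """Insert the account unless the username or e-mail is already taken."""
    taken = conn.execute(
        "SELECT 1 FROM accounts WHERE username = ? OR email = ?",
        (username, email)).fetchone()
    if taken:
        return False
    conn.execute("INSERT INTO accounts VALUES (?, ?, ?)",
                 (username, hash_password(password), email))
    conn.commit()
    return True


def login(conn, username, password):
    """Look the row up by username only, then verify against the stored hash."""
    row = conn.execute("SELECT password FROM accounts WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and verify_password(password, row[0])


def demo_db():
    """In-memory table with the three columns the question inserts (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT, email TEXT)")
    return conn
```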