One, hashlib module
Password hashing: no matter what string you pass in, it returns a string of fixed length.
- The input becomes a fixed-length string
- The same input string always hashes to the same result
- Updates accumulate: several update() calls give the same result as hashing the concatenated content
1.0.1 What is hashlib
A hash is an algorithm (in Python 3 the hashlib module replaces the old md5 and sha modules and mainly provides the SHA1, SHA224, SHA256, SHA384, SHA512 and MD5 algorithms). The algorithm takes the content passed in and computes a hash value from it.
Features of a hash value:
- As long as the content passed in is the same, the hash value obtained is the same, so it can be used to check a password that is transmitted in non-plaintext form
- The content cannot be recovered by working backward from the hash value, which keeps non-plaintext passwords secure
- As long as the same hash algorithm is used, the hash value has a fixed length no matter how large the content being checked is, so it can be used to hash text
In effect, the hash algorithm can be viewed as a factory: it receives the raw material you send in, processes it, and the product it returns is the hash value.
import hashlib

m = hashlib.md5()
m.update('hello'.encode('utf8'))
print(m.hexdigest())
# 5d41402abc4b2a76b9719d911017c592

import hashlib

m = hashlib.md5()  # the standard way to create the hash object
m.update(b'123456')
# m.update(b'456')
print(m.hexdigest())
# e10adc3949ba59abbe56e057f20f883e

import hashlib

m = hashlib.md5()  # the standard way to create the hash object
m.update(b'123')
m.update(b'456')
print(m.hexdigest())
# e10adc3949ba59abbe56e057f20f883e
1.0.2 Cracking hash algorithm encryption by dictionary lookup
Hash encryption may seem very powerful, but it has a defect: a hash can be reversed by looking it up in a dictionary of precomputed hashes, as the following code shows.
import hashlib

# Assume we know that hash's WeChat account uses one of the following passwords
pwd_list = [
    'hash3714',
    'hash1313',
    'hash94139413',
    'hash123456',
    '123456hash',
    'h123ash',
]


def make_pwd_dic(pwd_list):
    # Map each candidate password to its MD5 hex digest
    dic = {}
    for pwd in pwd_list:
        m = hashlib.md5()
        m.update(pwd.encode('utf-8'))
        dic[pwd] = m.hexdigest()
    return dic


def break_code(hash_pwd, pwd_dic):
    # Print every candidate whose digest equals the captured hash
    for k, v in pwd_dic.items():
        if v == hash_pwd:
            # The message reads: "hash's WeChat password is ===> <password>"
            print('hash的微信的密码是===>%s' % k)


hash_pwd = '0562b36c3c5a3925dbe3c4d32a4f2ba2'
break_code(hash_pwd, make_pwd_dic(pwd_list))
# hash的微信的密码是===>hash123456
To prevent passwords from being cracked by dictionary lookup, we can use another Python module, hmac, which internally processes the key we create together with the content before encrypting.
To make sure the hmac module gives the same final result, you must ensure that:
- The initial key specified inside the parentheses of hmac.new is the same
- No matter how many times update is called, the content being checked adds up to the same content
Two, hmac module
hmac module: password encryption to which you can add a salt
Note that the hmac module only accepts binary data (bytes).
Usage is the same as for hashlib:
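import hmac

# Note: the hmac module only accepts binary data (bytes).
# digestmod is required since Python 3.8; 'md5' was the old implicit
# default and matches the digests shown here.
h1 = hmac.new(b'hash', digestmod='md5')
h1.update(b'hello')
h1.update(b'world')
print(h1.hexdigest())
# 905f549c5722b5850d602862c34a763e

h2 = hmac.new(b'hash', digestmod='md5')
h2.update(b'helloworld')
print(h2.hexdigest())
# 905f549c5722b5850d602862c34a763e

# A different key gives a different result
h3 = hmac.new(b'hashhelloworld', digestmod='md5')
print(h3.hexdigest())
# a7e524ade8ac5f7f33f3a39a8f63fd25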
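
An added example, not code from the original page: it goes one step beyond the hmac usage above by storing a password with a random per-user salt through hashlib.pbkdf2_hmac (which is built on HMAC), verifying it with hmac.compare_digest, and showing that the precomputed MD5 table from section 1.0.2 no longer finds the stored value. The function names, the 16-byte salt and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: the candidate list from section 1.0.2.
CANDIDATES = ['hash3714', 'hash1313', 'hash94139413',
              'hash123456', '123456hash', 'h123ash']
ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def md5_hex(password):
    """Unsalted MD5 hex digest, as used in section 1.0.2."""
    return hashlib.md5(password.encode('utf-8')).hexdigest()


def md5_table(candidates):
    """Precomputed digest -> password table that can be built once and reused."""
    return {md5_hex(p): p for p in candidates}


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, digest) from PBKDF2-HMAC-SHA256 with a random per-user salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'),
                                 salt, iterations)
    return salt, digest


def verify_password(password, salt, expected, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


if __name__ == '__main__':
    table = md5_table(CANDIDATES)
    # Unsalted MD5: the stored value is found in the precomputed table.
    print(table.get(md5_hex('hash123456')))
    # Salted PBKDF2: the same password matches no entry in that table.
    salt, stored = hash_password('hash123456')
    print(table.get(stored.hex()))
    # Verification still works for whoever holds the salt and digest.
    print(verify_password('hash123456', salt, stored))
    print(verify_password('hash1313', salt, stored))
```

Store the salt next to the digest for each user; the salt is not secret, its job is to make one precomputed table useless across accounts.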