In this article, we are going to learn how to hash passwords in Python.
A strong password provides safety, but storing passwords in plain text is extremely insecure, so we protect stored passwords by hashing them. Hashing passwords is a cheap and secure method that keeps the passwords safe from malicious activity. With salting, password hashing generates a unique hash for every stored password, even if the plaintext password is the same.
Why do we need to Hash a Password?
Hashing is used mainly to protect a password from hackers. If a website is hacked, cybercriminals don’t get access to your password. Instead, they only get access to the “hash” created by the hashing method.
What is salt in hashing?
In cryptography, a salt is random data used as an additional input to a one-way function that hashes data, such as a password. Salts are used to keep passwords safe while they are being stored. Historically, only a cryptographic hash of the password was stored on a system, but over time, additional precautions were developed to prevent the identification of duplicate or common passwords. One such precaution is salting.
Encryption: Encryption is the process of encoding plain text or any information in such a way that only authorized people can read it with a corresponding key so that confidential data can be protected from unauthorized persons.
Hashing: Hashing converts any amount of data into a fixed-length hash that cannot be reversed. It is widely used in cryptography. The hash allows us to validate whether the input has changed: if the input changes even slightly, the resulting hash will be different. In this article, we are going to learn the Salted Password Hashing technique. It uses an algorithm to map data of any size to a fixed length.
What is BCrypt?
The BCrypt algorithm is used to hash and salt passwords in a secure way. BCrypt provides a password protection layer whose cost can be increased as hardware improves, in order to protect against long-term hazards or threats, such as attackers having the computational capacity to guess passwords twice as efficiently.
Install bcrypt using pip:
pip install bcrypt
Example: In this Program, we will be hashing the password using bcrypt.
Here we are using “GeekPassword” as an input to be converted to a hash.
```python
import bcrypt

# Declaring our password as bytes
password = b'GeekPassword'

# Generating a random salt
salt = bcrypt.gensalt()

# Hashing the password with the salt
hashed = bcrypt.hashpw(password, salt)

# Printing the salt
print("Salt :")
print(salt)

# Printing the hash
print("Hashed")
print(hashed)
```
What is Hashlib?
The Python hashlib module is an interface for easily hashing messages. It contains many functions that hash any raw message into a fixed-length digest. The main purpose of this module is to apply a hash function to a string so that it is very difficult to recover the original input from the result. Hash functions are also used to build hash tables, data structures designed for searching through a set of entries, each of which is identified by a unique key.
hashlib is part of the Python standard library, so it does not need to be installed with pip.
Example 2: In this Program, we will be hashing the password using hashlib.
Here we are using “GeeksPassword” as an input to be converted to a hash.
```python
import hashlib

# Declaring the password
password = 'GeeksPassword'

# Using 5gz as a fixed salt
salt = "5gz"

# Appending the salt to the end of the password
dataBase_password = password + salt

# Encoding the salted password and hashing it with MD5
hashed = hashlib.md5(dataBase_password.encode())

# Printing the hash
print(hashed.hexdigest())
```
Using the Argon2 algorithm:
Another approach is to use the Argon2 algorithm to hash passwords in Python. Argon2 is a password-hashing function that was selected as the winner of the Password Hashing Competition (PHC) in 2015. It is designed to be resistant to attacks such as dictionary attacks, brute-force attacks, and precomputation attacks.
To use Argon2 to hash passwords in Python, you can use the argon2-cffi library. Install it using pip install argon2-cffi. Here is an example of how to use the argon2-cffi library to hash a password:
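```python
import argon2

# Declare the password as a bytes object
password = b'MySecurePassword'

# Hash the password using Argon2
# (hash_password() is argon2-cffi's legacy function; the library's
# PasswordHasher class is its high-level interface)
hashed_password = argon2.hash_password(password)

# Print the hashed password
print(hashed_password)
```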
Output:
b'$argon2i$v=19$m=65536,t=3,p=4$FHzFXaVPKR0Ryz2oymZ8Gw$3PMIBGgUPGq2CrzPTB+3BnsfX4l7p5At67Bg+Wi68Bw'