Created
December 22, 2020 23:08
-
-
Save K-Mistele/dd5c70c12c3ef33362b3cf799d6cdf97 to your computer and use it in GitHub Desktop.
Password hashing with bcrypt in python
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import bcrypt | |
| # this will create the hash that you need to store in your database | |
| def create_bcrypt_hash(password): | |
| # convert the string to bytes | |
| password_bytes = password.encode() | |
| # generate a salt | |
| salt = bcrypt.gensalt(14) | |
| # calculate a hash as bytes | |
| password_hash_bytes = bcrypt.hashpw(password_bytes, salt) | |
| # decode bytes to a string | |
| password_hash_str = password_hash_bytes.decode() | |
| # the password hash string should similar to: | |
| # $2b$10$//DXiVVE59p7G5k/4Klx/ezF7BI42QZKmoOD0NDvUuqxRE5bFFBLy | |
| return password_hash_str | |
| # this will return true if the user supplied a valid password and | |
| # should be logged in, otherwise false | |
| def verify_password(password, hash_from_database): | |
| password_bytes = password.encode() | |
| hash_bytes = hash_from_database.encode() | |
| # this will automatically retrieve the salt from the hash, | |
| # then combine it with the password (parameter 1) | |
| # and then hash that, and compare it to the user's hash | |
| does_match = bcrypt.checkpw(password_bytes, hash_bytes) | |
| return does_match |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment