0

I just created a new application in Python for registration. I save all the fields in the database and the user is created successfully, but the password is saved exactly as we filled it in at the time of registration. How do I encrypt it or use the default functionality of Python for passwords?

Please suggest.

Ikke
Rahul Singla

5 Answers

2

To make offline password cracking more expensive, you could use bcrypt.

If you are limited to the stdlib, there is the crypt module on Unix:

    import crypt
    hashed = crypt.crypt(plaintext)  # returns the salted hash string to store
jfs
  • +1 bcrypt is the best option. In Django (which is what I suspect the author is using, based on his tags), this is called [`django.contrib.auth.hashers.BCryptPasswordHasher`](https://docs.djangoproject.com/en/dev/topics/auth/passwords/) – Alex L Feb 11 '13 at 07:58
1

You should hash the passwords. The following code hashes the raw input password according to your PASSWORD_HASHERS in settings.py:

    from django.contrib.auth.hashers import make_password
    hashed = make_password(raw_pass)  # hashing is done here
    user.password = hashed  # assign the hash directly; set_password() expects the raw password and would hash it again
mabdrabo
1

Don't implement such stuff yourself or you likely will do it wrong.

For password storage, using some reversible encoding or symmetric encryption or a simple hash from hashlib or even a randomly salted hash are all major FAILURES nowadays.

If you are using django, use some strong algorithm provided by django (usually one of: bcrypt, pbkdf2, sha512_crypt).

When not using django: use passlib - after reading its documentation.

http://code.google.com/p/passlib/

Thomas Waldmann
0

Hash the password upon getting it from the user (and on registration) to encrypt it.

    import hashlib
    m = hashlib.sha1()
    m.update(b"My users' password here")  # update() takes bytes
    m.digest()  # raw digest bytes; hexdigest() gives a hex string

Ref: http://docs.python.org/2/library/hashlib.html#module-hashlib

Montycarlo
0

For actual encryption, you can try M2Crypto or PyCrypto. Those are probably what you are looking for; however, there are other ways to obfuscate your passwords for the average user:

(If you would like to read some more answers as to what encryption method might suit you best, check out this somewhat related SO post: Recommended Python cryptographic module?)

hashlib will provide various hash algorithms (ex. "SHA1, SHA224, SHA256, SHA384, and SHA512"). A simple example:

    import hashlib
    enc = hashlib.md5()
    enc.update(b"Somerandompassword")  # update() takes bytes
    print(enc.hexdigest())

And this will print the md5 of "Somerandompassword": c5532f9e756b4583db4c627c8aa7d303

However, for (base64) encoding, for example, try:

    import base64
    enc = base64.b64encode(b"Somerandompassword")  # b64encode() takes bytes

and decoding:

    dec = base64.b64decode("U29tZXJhbmRvbXBhc3N3b3Jk")
    print(dec.decode("utf-8"))  # b64decode() returns bytes

will print: Somerandompassword

Community
Friendly King
  • md5 is not an encryption method, but a hash method. And it can't be decrypted (which is the whole point). Other than that, md5 is not really suited for password hashing anymore, use something stronger for that. – Ikke Feb 11 '13 at 07:33
  • That's a very good point. You're definitely correct on that one. My fault. – Friendly King Feb 11 '13 at 07:34
  • 1
    base64 is not encryption, it's an encoding method. It's just as bad as plain text (everybody can decode it). – Ikke Feb 11 '13 at 07:43
  • If I am using hash then an error comes: "500 internal serve"... But now I found the solution. You just need to use this: value.set_password("your password variable or password") – Rahul Singla Feb 11 '13 at 09:51