I have a PostgreSQL db which contains the following data: [image]. The credentials are bytes stored in the table using psycopg2.Binary.

The issue is that the SELECT query run via Python returns strings (I need bytes to verify the credentials).

    def login_to_account(self):

        query = '''SELECT * FROM users WHERE login = %s'''
        try:
            result = db_ops.execute_queries(query, (self.username_input.text(),))
            is_correct_password(salt=result[2], pw_hash=result[3], password=self.password_input.text())
        except:
            QMessageBox.about(self, "Błąd logowania", "<b><p align='center'>Login lub hasło niepoprawne!<br>")

How can I convert it back? If this is a wrong way of storing and verifying credentials please let me know, I'm new to this kind of stuff.

This is my salt+hash function that I use to encrypt and decrypt the data:

    import hashlib
    import hmac
    import os
    from typing import Tuple

    def hash_new_password(password: str) -> Tuple[bytes, bytes]:
        """
        Hash the provided password with a randomly-generated salt and return the
        salt and hash to store in the database.
        """
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100000)
        return salt, pw_hash

    def is_correct_password(salt: bytes, pw_hash: bytes, password: str) -> bool:
        """
        Given a previously-stored salt and hash, and a password provided by a user
        trying to log in, check whether the password is correct.
        """
        return hmac.compare_digest(
            pw_hash,
            hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100000)
        )

sjakobi
1) **DO NOT use images for textual data** per [Don't use images](https://meta.stackoverflow.com/questions/285551/why-should-i-not-upload-images-of-code-data-errors/285557#285557). Copy and paste as text. 2) `psycopg2.Binary` is meant to be used with Postgres `bytea` type per [Binary](https://www.psycopg.org/docs/usage.html#adapt-binary) – Adrian Klaver Apr 14 '23 at 15:40

0 Answers
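An added example, not part of the original question or its comments: it normalises the salt and hash a SELECT hands back into bytes before the PBKDF2 comparison, and fails loudly on anything else instead of letting a bare `except` hide the type mismatch. The helper `as_bytes`, the `demo` rows and the text-column case are assumptions; the table's real column types are not shown on the page.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # same iteration count as the question's functions


def as_bytes(value) -> bytes:
    """Normalise a salt/hash column value to bytes before comparing."""
    if isinstance(value, (bytes, bytearray, memoryview)):
        # psycopg2 returns bytea columns as memoryview on Python 3
        return bytes(value)
    if isinstance(value, str) and value.startswith("\\x"):
        # Assumption: the bytea value landed in a text column, so the driver
        # returns PostgreSQL's hex text form, e.g. '\\x00ff10'
        return bytes.fromhex(value[2:])
    raise TypeError(f"cannot recover bytes from {type(value).__name__}")


def hash_new_password(password: str):
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def is_correct_password(salt, pw_hash, password: str) -> bool:
    salt, pw_hash = as_bytes(salt), as_bytes(pw_hash)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(pw_hash, candidate)


def demo() -> dict:
    """Constructed rows standing in for what a SELECT could hand back."""
    salt, pw_hash = hash_new_password("correct horse")
    rows = {
        "bytea (memoryview)": (memoryview(salt), memoryview(pw_hash)),
        "text (hex string)": ("\\x" + salt.hex(), "\\x" + pw_hash.hex()),
    }
    results = {}
    for label, (s, h) in rows.items():
        results[label] = (
            is_correct_password(s, h, "correct horse"),
            is_correct_password(s, h, "wrong guess"),
        )
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

With `bytea` columns only the `memoryview` branch is exercised; the hex-string branch covers rows that were already written into a text column.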