如何使用Bcrypt加密Django中的密码
我正在尝试使用Bcrypt加密用户在注册时提供的密码,然后使用Bcrypt验证用户在登录时存储在数据库中的散列版本时提供的密码.
有关如何通过Django docs安装Bcrypt的一些非常好的文档,但它们实际上并没有向您展示如何使用Bcrypt来散列密码或使用其他命令. 你需要从某个地方导入Brcrypt吗?如果是这样,它的正确语法是什么?散列密码和将散列密码与非散列密码进行比较的语法是什么? 我在settings.py文件中安装了Bcrypted库,并通过pip安装了Bcrypt.使用Bcrypt还需要做什么? 解决方法
在你的链接:
我不确定第一句话是什么意思.您需要在settings.py中添加以下内容: PASSWORD_HASHERS = ( 'django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.BCryptPasswordHasher','django.contrib.auth.hashers.PBKDF2PasswordHasher','django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher','django.contrib.auth.hashers.SHA1PasswordHasher','django.contrib.auth.hashers.MD5PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher',)
您可以手动执行此操作:
https://docs.djangoproject.com/en/1.9/topics/auth/passwords/#module-django.contrib.auth.hashers 或者,您可以使用authenticate():
https://docs.djangoproject.com/en/1.9/topics/auth/default/#authenticating-users 这里有些例子: (django186p34)~/django_projects/dj1$python manage.py shell Python 3.4.3 (v3.4.3:9b73f1c3e601,Feb 23 2015,02:52:03) [GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin Type "help","copyright","credits" or "license" for more information. (InteractiveConsole) >>> from django.conf import settings >>> print(settings.PASSWORD_HASHERS) ('django.contrib.auth.hashers.PBKDF2PasswordHasher','django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher','django.contrib.auth.hashers.UnsaltedMD5PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher') 这些是默认值:我的settings.py中没有PASSWORD_HASHERS条目. >>> from django.contrib.auth.models import User >>> my_user = User.objects.create_user('ea87','ea@gmail.com','666monkeysAndDogs777') >>> my_user.save() >>> my_user.password 'pbkdf2_sha256$20000$L7uq6goI1HIl$RYqywMgPywhhku/YqIxWKbpxODBeczfLm5zthHjNSSk=' >>> my_user.username 'ea87' >>> from django.contrib.auth import authenticate >>> authenticate(username='ea87',password='666monkeysAndDogs777') <User: ea87> >>> print(authenticate(username='ea87',password='wrong password')) None >>> from django.contrib.auth.hashers import check_password >>> check_password('666monkeysAndDogs777',my_user.password) True >>> exit() 接下来,我将以下内容添加到settings.py中: PASSWORD_HASHERS = ( 'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',) (django186p34)~/django_projects/dj1$python manage.py shell Python 3.4.3 (v3.4.3:9b73f1c3e601,"credits" or "license" for more information. (InteractiveConsole) >>> from django.conf import settings >>> print(settings.PASSWORD_HASHERS) ('django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher') 注意元组前面的bcrypt哈希. >>> from django.contrib.auth.models import User >>> user = User.objects.get(username='ea87') >>> user <User: ea87> >>> user.password 'pbkdf2_sha256$20000$DS20ZOCWTBFN$AFfzg3iC24Pkj5UtEu3O+J8KOVBQvaLVx43D0Wsr4PY=' >>> user.set_password('666monkeysAndDogs777') >>> user.password 'bcrypt_sha256$$2b$12$QeWvpi7hQ8cPQBF0LzD4C.89R81AV4PxK0kjVXG73fkLoQxYBundW' 您可以看到密码已更改为bcrypt版本. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |