如何使用Bcrypt加密Django中的密码

发布时间：2020-12-16 23:37:19 所属栏目：Python 来源：网络整理

导读：我正在尝试使用Bcrypt加密用户在注册时提供的密码,然后使用Bcrypt验证用户在登录时存储在数据库中的散列版本时提供的密码. 有关如何通过Django docs安装Bcrypt的一些非常好的文档,但它们实际上并没有向您展示如何使用Bcrypt来散列密码或使用其他命令. 你需要

我正在尝试使用Bcrypt加密用户在注册时提供的密码,然后使用Bcrypt验证用户在登录时存储在数据库中的散列版本时提供的密码.

有关如何通过Django docs安装Bcrypt的一些非常好的文档,但它们实际上并没有向您展示如何使用Bcrypt来散列密码或使用其他命令.

你需要从某个地方导入Brcrypt吗？如果是这样,它的正确语法是什么？散列密码和将散列密码与非散列密码进行比较的语法是什么？

我在settings.py文件中安装了Bcrypted库,并通过pip安装了Bcrypt.使用Bcrypt还需要做什么？

解决方法

在你的链接：

The password attribute of a User object is a string in this format:

<algorithm>$<iterations>$<salt>$<hash> Those are the components used
for storing a User’s password,separated by the dollar-sign character
and consist of: the hashing algorithm,the number of algorithm
iterations (work factor),the random salt,and the resulting password
hash. The algorithm is one of a number of one-way hashing or password
storage algorithms Django can use; see below. Iterations describe the
number of times the algorithm is run over the hash. Salt is the random
seed used and the hash is the result of the one-way function.

I installed the Bcrypted library in the settings.py file…
What else do I need to do to use Bcrypt?

我不确定第一句话是什么意思.您需要在settings.py中添加以下内容：

PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.BCryptPasswordHasher','django.contrib.auth.hashers.PBKDF2PasswordHasher','django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher','django.contrib.auth.hashers.SHA1PasswordHasher','django.contrib.auth.hashers.MD5PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher',)

use Bcrypt to validate a password a user provides upon login against
the hashed version stored in the database.

您可以手动执行此操作：

The django.contrib.auth.hashers module provides a set of functions to
create and validate hashed password. You can use them independently
from the User model.

check_password(password,encoded)
If you’d like to manually authenticate a user by comparing a plain-text password to the hashed
password in the database,use the convenience function
check_password(). It takes two arguments: the plain-text password to
check,and the full value of a user’s password field in the database
to check against,and returns True if they match,False otherwise.

https://docs.djangoproject.com/en/1.9/topics/auth/passwords/#module-django.contrib.auth.hashers

或者,您可以使用authenticate()：

authenticate(**credentials)
To authenticate a given username and password,use authenticate(). It takes credentials in the form of
keyword arguments,for the default configuration this is username and
password,and it returns a User object if the password is valid for
the given username. If the password is invalid,authenticate() returns
None. Example:

06001

https://docs.djangoproject.com/en/1.9/topics/auth/default/#authenticating-users

这里有些例子：

(django186p34)~/django_projects/dj1$python manage.py shell

Python 3.4.3 (v3.4.3:9b73f1c3e601,Feb 23 2015,02:52:03) 
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
Type "help","copyright","credits" or "license" for more information.
(InteractiveConsole)

>>> from django.conf import settings
>>> print(settings.PASSWORD_HASHERS)

('django.contrib.auth.hashers.PBKDF2PasswordHasher','django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher','django.contrib.auth.hashers.UnsaltedMD5PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher')

这些是默认值：我的settings.py中没有PASSWORD_HASHERS条目.

>>> from django.contrib.auth.models import User

>>> my_user = User.objects.create_user('ea87','ea@gmail.com','666monkeysAndDogs777')

>>> my_user.save()
>>> my_user.password
'pbkdf2_sha256$20000$L7uq6goI1HIl$RYqywMgPywhhku/YqIxWKbpxODBeczfLm5zthHjNSSk='
>>> my_user.username
'ea87'

>>> from django.contrib.auth import authenticate

>>> authenticate(username='ea87',password='666monkeysAndDogs777')
<User: ea87>

>>> print(authenticate(username='ea87',password='wrong password'))
None

>>> from django.contrib.auth.hashers import check_password

>>> check_password('666monkeysAndDogs777',my_user.password)
True

>>> exit()

接下来,我将以下内容添加到settings.py中：

PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',)

(django186p34)~/django_projects/dj1$python manage.py shell

Python 3.4.3 (v3.4.3:9b73f1c3e601,"credits" or "license" for more information.
(InteractiveConsole)

>>> from django.conf import settings
>>> print(settings.PASSWORD_HASHERS)
('django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher')

注意元组前面的bcrypt哈希.

>>> from django.contrib.auth.models import User

>>> user = User.objects.get(username='ea87')
>>> user
<User: ea87>

>>> user.password
'pbkdf2_sha256$20000$DS20ZOCWTBFN$AFfzg3iC24Pkj5UtEu3O+J8KOVBQvaLVx43D0Wsr4PY='

>>> user.set_password('666monkeysAndDogs777')
>>> user.password
'bcrypt_sha256$$2b$12$QeWvpi7hQ8cPQBF0LzD4C.89R81AV4PxK0kjVXG73fkLoQxYBundW'

您可以看到密码已更改为bcrypt版本.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!