Python for Entrepreneurs Transcripts
Chapter: User accounts and identity
Lecture: Concept: Hashing passwords

0:02 Let's review creating strong hashes and following the best practices
0:06 around storing passwords with passlib.
0:10 So remember, it starts by importing some kind of handler,
0:13 some kind of hash, from passlib, so passlib.handlers
0:17 and here we're getting the sha2; like you saw, you can use bcrypt,
0:20 you can use a number of recommended hashes there.
0:24 So we're using sha512, nice and large, hard to guess and so on.
0:28 To create an encrypted password, we are going to just call "encrypt",
0:32 remember, this is one-way encryption, this is hashing,
0:35 we can never get this password back, but given the plain text again
0:39 we can validate if running the same operation on it
0:42 actually generates the same hash.
0:44 This not only applies the hash as you saw
0:46 but it uses 150 thousand password hash folds, so the way it works is
0:51 we take the password and we want to hand it off to the hashing algorithm,
0:55 of course, we are going to mix in some salt,
0:57 so that no matter what the word is, the actual thing that gets hashed
1:00 is not that word, it's that word plus some other random characters
1:04 that we, again, mix in when we validate it.
1:06 So we are going to take this and we are going to do it again, and again, and again,
1:10 and eventually, what pops out is a much stronger password,
1:14 not this long but in fact this great long thing, as we saw right here,
1:18 and it even has a little bit of information about the number of times,
1:21 so it's folded in the algorithm, so that when we later want to validate
1:24 it, we know how to do that. This creates the hash.
1:27 Now, if we were given this hash, and a plain text password,
1:30 we would want to answer the question: well, if I were to hash it again,
1:35 is this valid, is this actually generated from the same plain text input
1:39 as the original hash was? We can do that with "verify",
1:44 so we say sha512_crypt.verify
1:47 and then we give it the secret or plain text password
1:50 and then the hash which we stored in the database.
1:52 We're not storing the plain text, no, no, store the hash.
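The salt-plus-rounds mechanics the lecture describes, as an added example that is not the course's own code: it uses only the Python standard library (PBKDF2 with SHA-512 via hashlib) instead of passlib, folds the round count and the salt into the stored string the way sha512_crypt's output does, and reads them back out when verifying. In current passlib the hashing call is sha512_crypt.hash(); encrypt is the older name for it. The function names hash_password and verify_password and the DEFAULT_ROUNDS value are this example's own choices.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Work factor for this example, in the spirit of the ~150,000 rounds the
# lecture mentions; the lower the number, the cheaper each guess becomes.
DEFAULT_ROUNDS = 150_000
SCHEME = "pbkdf2_sha512"


def hash_password(password: str, rounds: int = DEFAULT_ROUNDS,
                  salt: Optional[bytes] = None) -> str:
    """Hash a password with a fresh random salt and `rounds` iterations.

    Returns a self-describing string "scheme$rounds$salt_hex$digest_hex",
    so the salt and round count travel with the hash into the database.
    """
    if salt is None:
        salt = secrets.token_bytes(16)  # new random salt per password
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return f"{SCHEME}${rounds}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-run the same salt and rounds read from `stored` and compare.

    Never decrypts anything: it recomputes the one-way hash of the
    candidate and checks it against the stored digest in constant time.
    """
    try:
        scheme, rounds_text, salt_hex, digest_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        rounds = int(rounds_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:  # malformed or truncated stored value
        return False
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    stored_hash = hash_password("correct horse battery staple")
    print(stored_hash)                                   # what goes in the database
    print(verify_password("correct horse battery staple", stored_hash))  # True
    print(verify_password("wrong guess", stored_hash))   # False
```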