Python for Entrepreneurs Transcripts
Chapter: User accounts and identity
Lecture: Concept: Hashing passwords
Login or
purchase this course
to watch this video and the rest of the course contents.
0:02
Let's review creating strong hashes and following the best practices around storing passwords with passlib.
0:11
So remember, it starts by importing some kind of handler, some kind of hash, from passlib, so passlib.handlers
0:18
and here we're getting the sha2, like you saw you can use becrypt you can use a number of recommended hashes there.
0:25
So we're using sha512 nice and large, hard to guess and so on. To create an encrypted password, we are going to just call "encrypt",
0:33
remember, this is one-way encryption, this is hashing, we can never get this password back but given the plain text again
0:40
we can validate if running the same operation on it actually generates the same hash. This not only applies the hash as you saw
0:47
but it uses a 150 thousand password hash folds, so the way it works is we take the password and we want to hand it off to the hashing algorithm,
0:56
of course, we are going to mix in some salt, so that no matter what the word is, the actual thing that gets hashed
1:01
is not that word it's that word, plus some other random characters that we again, mix in when we validate it.
1:07
So we are going to take this and we are going to do it again, and again, and again, and eventually, what pops out is a much stronger password,
1:15
not this long, but in fact this great long thing as we saw right here and it even has a little bit information about the number of times
1:22
so it's folded in the algorithm, so that when we later want to validate it we know how to do that. This creates the hash.
1:28
Now, if we were given this hash, and a plain text password, we would want to answer the question is well, if I were to hash it again,
1:36
is this valid, is this actually generated from the same plain text input as the original hash was? We can do that with "verify",
1:45
so we say sha512_crypt.verify and then we give it the secret or plain text password and then the hash which we stored in the database.
1:53
We're not storing the plain text no, no store the hash.