我正在开发一个使用python和flask的webapp。它有一个用户系统,当然还有一个注册表。我正在使用,加密要注册的用户的密码,passlib.hash.sha256。以下是我在做什么:sha256_crypt.encrypt总是返回另一个散列
from passlib.hash import sha256_crypt as sha256
[...]
if request.method == "POST" and form.validate():
username = request.form['username']
password = request.form['password']
confirm_password = request.form['confirm_password']
email = request.form['email']
password = sha256.encrypt(password) #Encryption.
c, conn = connection('accounts') #Connection to the database
x = c.execute("SELECT * FROM accounts WHERE username = '%s' OR email = '%s'" %(thwart(username), thwart(email)))
if x:
flash("We are very sorry, but this Username/Email-address is already taken. Please try again")
else:
c.execute('INSERT INTO accounts VALUES ("%s", "%s", "%s")' %(thwart(username), thwart(password), thwart(email)))
conn.commit()
flash('Succesfully Registered!')
在数据库中,即使输入了相同的密码,散列总是变化。有人知道为什么吗?我究竟做错了什么?
你已经发现了这个概念盐https://en.wikipedia.org/wiki/Salt_(cryptography)。你确定你有足够的资格来处理认证吗? –
你是什么意思“合格” – MisterMM23
我明白了。但是我没有编写任何可以添加随机数据的程序。这是python的sha256的新功能吗? – MisterMM23