Backend DevelopmentPython TutorialSalted hash encryption and verification functions for passwords in the Flask frameworkSalted hash encryption and verification functions for passwords in the Flask framework
密码加密简介
密码存储的主要形式:
明文存储:肉眼就可以识别,没有任何安全性。
加密存储:通过一定的变换形式,使得密码原文不易被识别。
密码加密的几类方式:
明文转码加密:BASE64, 7BIT等,这种方式只是个障眼法,不是真正的加密。
对称算法加密:DES, RSA等。
签名算法加密:也可以理解为单向哈希加密,比如MD5, SHA1等。加密算法固定,容
易被暴力破解。如果密码相同,得到的哈希值是一样的。
加盐哈希加密:加密时混入一段“随机”字符串(盐值)再进行哈希加密。即使密码相同,如果盐值不同,那么哈希值也是不一样的。现在网站开发中主要是运用这种加密方法。
密码生成函数:generate_password_hash
函数定义:
werkzeug.security.generate_password_hash(password, method='pbkdf2:sha1', salt_length=8)
generate_password_hash是一个密码加盐哈希函数,生成的哈希值可通过
check_password_hash()进行验证。
哈希之后的哈希字符串格式是这样的:
method$salt$hash
参数说明:
password: 明文密码
method: 哈希的方式(需要是hashlib库支持的),格式为
pbpdf2:
[:iterations]。参数说明: method:哈希的方式,一般为SHA1,
iterations:(可选参数)迭代次数,默认为1000。
slat_length: 盐值的长度,默认为8。
密码生成示例:
>>> from werkzeug.security import generate_password_hash >>> print generate_password_hash('123456') 'pbkdf2:sha1:1000$X97hPa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370'
因为盐值是随机的,所以就算是相同的密码,生成的哈希值也不会是一样的。
密码验证函数:check_password_hash
函数定义:
werkzeug.security.check_password_hash(pwhash, password)
check_password_hash函数用于验证经过generate_password_hash哈希的密码
。若密码匹配,则返回真,否则返回假。
参数:
pwhash: generate_password_hash生成的哈希字符串
password: 需要验证的明文密码
密码验证示例:
>>> from werkzeug.security import check_password_hash >>> pwhash = 'pbkdf2:sha1:1000$X97hPa3g$252c0cca000c3674b8ef7a2b8ecd409695aac370' >>> print check_password_hash(pwhash, '123456') True
举例说明
from werkzeug.security import generate_password_hash, \
check_password_hash
class User(object):
def __init__(self, username, password):
self.username = username
self.set_password(password)
def set_password(self, password):
self.pw_hash = generate_password_hash(password)
def check_password(self, password):
return check_password_hash(self.pw_hash, password)
下面来看看是怎么工作的:
>>> me = User('John Doe', 'default') >>> me.pw_hash 'sha1$Z9wtkQam$7e6e814998ab3de2b63401a58063c79d92865d79' >>> me.check_password('default') True >>> me.check_password('defaultx') False
小结
上面就是密码生成和验证的方法,一般来说,默认的加密强度已经足够了,如果需
要更复杂的密码,可以加大盐值长度和迭代次数。
更多Flask框架中密码的加盐哈希加密和验证功能相关文章请关注PHP中文网!
What are some common operations that can be performed on Python arrays?Apr 26, 2025 am 12:22 AMPythonarrayssupportvariousoperations:1)Slicingextractssubsets,2)Appending/Extendingaddselements,3)Insertingplaceselementsatspecificpositions,4)Removingdeleteselements,5)Sorting/Reversingchangesorder,and6)Listcomprehensionscreatenewlistsbasedonexistin
In what types of applications are NumPy arrays commonly used?Apr 26, 2025 am 12:13 AMNumPyarraysareessentialforapplicationsrequiringefficientnumericalcomputationsanddatamanipulation.Theyarecrucialindatascience,machinelearning,physics,engineering,andfinanceduetotheirabilitytohandlelarge-scaledataefficiently.Forexample,infinancialanaly
When would you choose to use an array over a list in Python?Apr 26, 2025 am 12:12 AMUseanarray.arrayoveralistinPythonwhendealingwithhomogeneousdata,performance-criticalcode,orinterfacingwithCcode.1)HomogeneousData:Arrayssavememorywithtypedelements.2)Performance-CriticalCode:Arraysofferbetterperformancefornumericaloperations.3)Interf
Are all list operations supported by arrays, and vice versa? Why or why not?Apr 26, 2025 am 12:05 AMNo,notalllistoperationsaresupportedbyarrays,andviceversa.1)Arraysdonotsupportdynamicoperationslikeappendorinsertwithoutresizing,whichimpactsperformance.2)Listsdonotguaranteeconstanttimecomplexityfordirectaccesslikearraysdo.
How do you access elements in a Python list?Apr 26, 2025 am 12:03 AMToaccesselementsinaPythonlist,useindexing,negativeindexing,slicing,oriteration.1)Indexingstartsat0.2)Negativeindexingaccessesfromtheend.3)Slicingextractsportions.4)Iterationusesforloopsorenumerate.AlwayschecklistlengthtoavoidIndexError.
How are arrays used in scientific computing with Python?Apr 25, 2025 am 12:28 AMArraysinPython,especiallyviaNumPy,arecrucialinscientificcomputingfortheirefficiencyandversatility.1)Theyareusedfornumericaloperations,dataanalysis,andmachinelearning.2)NumPy'simplementationinCensuresfasteroperationsthanPythonlists.3)Arraysenablequick
How do you handle different Python versions on the same system?Apr 25, 2025 am 12:24 AMYou can manage different Python versions by using pyenv, venv and Anaconda. 1) Use pyenv to manage multiple Python versions: install pyenv, set global and local versions. 2) Use venv to create a virtual environment to isolate project dependencies. 3) Use Anaconda to manage Python versions in your data science project. 4) Keep the system Python for system-level tasks. Through these tools and strategies, you can effectively manage different versions of Python to ensure the smooth running of the project.
What are some advantages of using NumPy arrays over standard Python arrays?Apr 25, 2025 am 12:21 AMNumPyarrayshaveseveraladvantagesoverstandardPythonarrays:1)TheyaremuchfasterduetoC-basedimplementation,2)Theyaremorememory-efficient,especiallywithlargedatasets,and3)Theyofferoptimized,vectorizedfunctionsformathematicalandstatisticaloperations,making
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
Atom editor mac version download
The most popular open source editor
Notepad++7.3.1
Easy-to-use and free code editor
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
