[Solved]-Python password generator for django

15👍

I think this maybe what you are looking for :

Manually managing a user’s password

make_password(password[, salt, hashers])

Creates a hashed password in
the format used by this application. It takes one mandatory argument:
the password in plain-text. Optionally, you can provide a salt and a
hashing algorithm to use, if you don’t want to use the defaults (first
entry of PASSWORD_HASHERS setting). Currently supported algorithms
are: ‘pbkdf2_sha256’, ‘pbkdf2_sha1’, ‘bcrypt_sha256’ (see Using bcrypt
with Django), ‘bcrypt’, ‘sha1’, ‘md5’, ‘unsalted_md5’ (only for
backward compatibility) and ‘crypt’ if you have the crypt library
installed. If the password argument is None, an unusable password is
returned (a one that will be never accepted by check_password()).


I want write function for using without django

Well luckily Django is open source, so you can go and take what you need. The functions source is visible here.

2👍

The most common (not safest) algorithm for hashing is md5. Extracting a few ideas from Django’s password system can be this code:

import hashlib

def make_password(password):
    assert password
    hash = hashlib.md5(password).hexdigest()
    return hash

def check_password(hash, password):
    """Generates the hash for a password and compares it."""
    generated_hash = make_password(password)
    return hash == generated_hash


>>> hash = make_password('hello123')
>>> hash
'f30aa7a662c728b7407c54ae6bfd27d1'
>>> check_password(hash, 'hello123')
True
>>> check_password(hash, 'Hello123')
False

Use make_password to generate a hash and check_password to check if the entered password is the same as the stored one.

As @Emil pointed out, Django supports multiple password hashers such as pbkdf2_sha256 and pbkdf2_sha1, storing the string as a 3-fold value separated by $: algorithm$salt$hash. salt is a randomly generated string to prevent same password from repeating in the database.

0👍

I have this working Node script, maybe it can help someone out there:

const crypto = require('crypto');

const djangoIterations = 260000; //Default for Django 3.2 (its increased to 480000 for new django versions)

function generateSalt(length) {
  return crypto.randomBytes(length).toString('base64');
}

function djangoHash(password, iterations = djangoIterations, salt = generateSalt(12)) {
  return new Promise((resolve, reject) => {
    const keylen = 32;
    const digest = 'sha256';
    console.log(`Hashing password with ${iterations} iterations`);
    console.log(`Salt: ${salt}`);
    crypto.pbkdf2(password, salt, iterations, keylen, digest, (err, derivedKey) => {
      if (err) reject(err);
      else resolve({
        algorithm: 'pbkdf2_sha256',
        iterations: iterations,
        salt: salt,
        hash: derivedKey.toString('base64'),
      });
    });
  });
}

djangoHash('my_password').then(({algorithm, iterations, salt, hash}) => {
  console.log(`Hash ${hash}`);
  const fullHash = `${algorithm}$${iterations}$${salt}$${hash}`;
  console.log(fullHash);
}).catch(err => {
  console.error(err);
});

Cheers!

Leave a comment