15👍
I think this maybe what you are looking for :
Manually managing a user’s password
make_password(password[, salt, hashers])
Creates a hashed password in
the format used by this application. It takes one mandatory argument:
the password in plain-text. Optionally, you can provide a salt and a
hashing algorithm to use, if you don’t want to use the defaults (first
entry of PASSWORD_HASHERS setting). Currently supported algorithms
are: ‘pbkdf2_sha256’, ‘pbkdf2_sha1’, ‘bcrypt_sha256’ (see Using bcrypt
with Django), ‘bcrypt’, ‘sha1’, ‘md5’, ‘unsalted_md5’ (only for
backward compatibility) and ‘crypt’ if you have the crypt library
installed. If the password argument is None, an unusable password is
returned (a one that will be never accepted by check_password()).
I want write function for using without django
Well luckily Django is open source, so you can go and take what you need. The functions source is visible here.
2👍
The most common (not safest) algorithm for hashing is md5
. Extracting a few ideas from Django’s password system can be this code:
import hashlib
def make_password(password):
assert password
hash = hashlib.md5(password).hexdigest()
return hash
def check_password(hash, password):
"""Generates the hash for a password and compares it."""
generated_hash = make_password(password)
return hash == generated_hash
>>> hash = make_password('hello123')
>>> hash
'f30aa7a662c728b7407c54ae6bfd27d1'
>>> check_password(hash, 'hello123')
True
>>> check_password(hash, 'Hello123')
False
Use make_password
to generate a hash and check_password
to check if the entered password is the same as the stored one.
As @Emil pointed out, Django supports multiple password hashers such as pbkdf2_sha256 and pbkdf2_sha1, storing the string as a 3-fold value separated by $
: algorithm$salt$hash
. salt
is a randomly generated string to prevent same password from repeating in the database.
- How to add custom error codes to Django Rest Framework
- How can I modify a widget's attributes in a ModelForm's __init__() method?
- Error when reverting an auto-generated migration for renaming a table in Django
- Assert that two lists of objects are equal in django testing
0👍
I have this working Node script, maybe it can help someone out there:
const crypto = require('crypto');
const djangoIterations = 260000; //Default for Django 3.2 (its increased to 480000 for new django versions)
function generateSalt(length) {
return crypto.randomBytes(length).toString('base64');
}
function djangoHash(password, iterations = djangoIterations, salt = generateSalt(12)) {
return new Promise((resolve, reject) => {
const keylen = 32;
const digest = 'sha256';
console.log(`Hashing password with ${iterations} iterations`);
console.log(`Salt: ${salt}`);
crypto.pbkdf2(password, salt, iterations, keylen, digest, (err, derivedKey) => {
if (err) reject(err);
else resolve({
algorithm: 'pbkdf2_sha256',
iterations: iterations,
salt: salt,
hash: derivedKey.toString('base64'),
});
});
});
}
djangoHash('my_password').then(({algorithm, iterations, salt, hash}) => {
console.log(`Hash ${hash}`);
const fullHash = `${algorithm}$${iterations}$${salt}$${hash}`;
console.log(fullHash);
}).catch(err => {
console.error(err);
});
Cheers!