For a programming exercise I designed for myself, and for use in a pretty non-secure system later on, I'm trying to compare MD5 hashes. The one that is stored in a plain text file and is pulled out by the check_pw()
function and the one that is created from the submitted password from a CGI form. md5_pw(
) is used to create all the hashes in the program.
For some reason, if (pair[1] == md5_pw(pw))
always fails, even though my program prints out identical hashes in my error checking lines:
print "this is the pw from the file: ", pair[1], "<br />" print "this is the md5 pw you entered: ", md5_pw(pw), "<br />"
Where am I messing up?
Code:
def md5_pw(pw):
"""Returns the MD5 hex digest of the pw with addition."""
m = md5.new()
m.update("4hJ2Yq7qdHd9sdjFASh9"+pw)
return m.hexdigest()
def check_pw(user, pw, pwfile):
"""Returns True if the username and password match, False otherwise. pwfile is a xxx.txt format."""
f = open(pwfile)
for line in f:
pair = line.split(":")
print "this is the pw from the file: ", pair[1], "<br />"
print "this is the md5 pw you entered: ", md5_pw(pw), "<br />"
if (pair[0] == user):
print "user matched <br />"
if (pair[1] == md5_pw(pw)):
f.close()
return True
else:
f.close()
print "passmatch a failure"
return False