This question is based on the answer.

I would like to know how you can hash your password by SHA1 and then remove the clear-text password in a MySQL database by Python.

How can you hash your password in a MySQL database by Python?

+4  A: 

http://docs.python.org/library/sha.html

The Python documentation explains this a lot better than I can.

scragar
+8  A: 

As the documentation says, you should use the hashlib library, not sha, since Python 2.5.

It is pretty easy to make a hash.

```python
import hashlib
hexhash = hashlib.sha512(b"some text").hexdigest()  # hashlib hashes bytes; hexdigest() returns a hex string
```

This hex number will be easy to store in a database.

David Raznick
Better to do `hexhash = hashlib.sha512("some text" + salt).hexdigest()`, where `salt` is a random string generated for each password and stored in the DB along with the hash. It helps avoid rainbow table attacks.
David Johnstone
+1  A: 

You don't remove the clear-text password when you hash the password. What you do is accept an input from the user, hash the input, and compare the hash of the input to the hash stored in the database. You should never store or send the plain-text password that the user has.

That said, you can use the sha library as scragar said (pre-Python 2.5) and the hashlib library as David Raznick said in newer versions of Python.

Thomas Owens
+4  A: 

If you're storing passwords in a database, a recommended article to read is Jeff's "You're Probably Storing Passwords Incorrectly". This article describes the use of salt and some of the things about storing passwords that are deceptively easy to get wrong.

Greg Hewgill