tags:

views:

43

answers:

3
+2  Q: 

Python md5 password value

I have this change password request form.In which the user enter their oldpasswords.

this oldpassword is the md5 format.

How to compare the md5 value from db to the oldpassword entered by user

 import md5

 oldpasswd_byuser=str("tom")
 oldpasswd_db="sha1$c60da$1835a9c3ccb1cc436ccaa577679b5d0321234c6f"
 opw=     md5.new(oldpasswd_byuser)
 #opw=     md5.new(oldpasswd_byuser).hexdigest()
 if(opw ==      oldpasswd_db):
    print "same password"
 else:
     print "Invalid password"
+1  A: 

It's not md5, it's sha1 - "sha1$xxx.

You'd have to use sha1 functions instead. There is a documentation on this at http://docs.python.org/library/sha.html

sukru  2010-10-25 07:38:23
+2  A: 

I don't think that oldpasswd_db is a MD5. It more looks like a combination of hash method (SHA1 in this case), a salt and the password hash itself.

Try to concatenate the salt value with the password:

import hashlib
hashlib.sha1('c60datom').hexdigest()
olt  2010-10-25 07:40:43
+1  A: 

Hi,

the hash you put in there is a salted sha1 hexdigest as django (and probably many others) stores it by default.

the code to verify it is in contrib/auth/models.py. From there you can see that django works with md5 by default. All you have to do is to update the old hashes to the following form:

md5$<salt>$<hash>

if your hashes aren't salted yet leave the salt empty (md5$$<hash>), but update the hash to sha1 the next time the user performs a valid login.

Till Backhaus  2010-10-25 07:49:33
@Till Backhaus:Could u give a relevant example for converting the string tom to md5 as per ur explaination
Rajeev  2010-10-25 07:57:43
Salting (http://en.wikipedia.org/wiki/Salt_%28cryptography%29) passwords is done to prevent dictionary attacks against your database. I'd wrap the login view as described in a question about login signals (http://stackoverflow.com/questions/1990502/django-signal-when-user-logs-in) and update the hash in the wrapped view. So you don't hash the string `'torn'` yourself, but you call `user.set_password('torn')` from the login view wrapper if `user.is_authenticated() and user.password.startswith('md5$$')`.
Till Backhaus  2010-10-25 09:13:25

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python