You should never store a password in plain text when authenticating a user or doing anything similar.
Because many people reuse the same password, an attacker who finds a database of unencrypted passwords can easily pair them with the matching email addresses to log in to the associated website or account, and can even use them to try to get into other accounts.
Today, passwords are usually hashed when they are submitted. The recommended approach is to hash with a salt and store the salt together with the hashed password.
Salting may sound like one of the steps in a recipe for hash browns, but in cryptography it refers to adding random data to the input of a hash function so that the hash always produces a unique result, even when the inputs are identical.
As a result, the unique hash produced by adding a salt can protect us against several attack techniques, including rainbow table attacks, while hampering offline dictionary and brute-force attempts.
Here, with the help of code snippets, we will demonstrate how to use 'bcrypt' to secure your passwords.
So, what is 'bcrypt'?
Bcrypt is a hashing library that is supported in many languages and provides unique password encryption. To strengthen the security of your password, it automatically generates additional random characters (a salt) while encrypting your string.
You can also optionally specify how many extra characters you want added to an incoming string.
The bcrypt library only reads byte strings, not raw strings. So before passing a password to bcrypt for encryption, you must first encode it.
Encrypting and encoding are not the same thing. Encoding only makes sure the string is machine-readable before the encryption algorithm masks it.
Using bcrypt to encrypt a password in Python
Python makes bcrypt password encryption easy. We will focus on doing this without the help of a framework. But don't worry: if you understand how to save user input and read it back from a database, the process is the same in a framework.
Installation
You only need to set up a Python virtual environment and then use an IDE such as PyCharm. The library must be installed first:
Encrypting the password
Let's look at how to use bcrypt to encrypt text once it has been installed:
The Python code above runs and outputs an encrypted byte string. But the result is different every time you run the script. Bcrypt uses this approach to make sure every user has a uniquely encrypted password.
That, incidentally, covers password registration.
Comparing and confirming passwords using Bcrypt
What if you want to save the hashed password and check later whether it matches the password a user submits for authentication?
That is easy. The authenticating password just needs to be compared with the one stored in the database (or in memory, in this case).
The authenticating password must be encoded before it is compared with the one in the database, because bcrypt only reads byte strings. Essentially, you compare the encoded authentication input with the encoded hashed password you already have in your database.
Let's try this using dummy Python inputs:
When you run the code above, you are prompted for a new password. Python saves this in memory. In the authenticating section, you then enter the same password, which is known only to you.
If the password being compared matches the one that was previously encrypted and saved, Python prints a success message.
If not, the error message is printed, followed by another statement.
The core idea is the same as registering and then storing the password in a database for authentication.
Conclusion
Although we only used passwords held briefly in Python's memory to show how bcrypt works, its real use is in user-based applications.
Nevertheless, this article shows the essential steps for structuring your code to achieve this, even in real-world scenarios.
For example, if you use Flask, you can supply the registration and authentication inputs through separate web forms rather than the inputs used here.
Of course, in the real world, when comparing passwords you will read the stored passwords from a database.
Jona Nitch
Thanks for the simple and easy explanation,
This has helped me a lot in my current project.
I think it is great that the example code is limited to the bare minimum and not overloaded like many other explanations.
Best regards