0

I'm using python 3 and i need to know how to use hashing in python 3 on a variable instead of a string.

my example; this is the code i'm currently trying to use and it doesn't work.

foundpassencypt = hashlib.md5(b(pwd))
print(foundpassencypt.hexdigest())

pwd is a string that was entered earlier in my program.

pwd = "Password"

i know if it was a string it would be layed out like this;

foundpassencypt = hashlib.md5(b"Password")
print(foundpassencypt.hexdigest())

This is the full code (its using Python3, SQL Lite and Appjar)("Else:" is out of place when i post the code, its correct in my code)

    else:
    usr = login.getEntry("Username")
    pwd = login.getEntry("Password") #collects entry of password & username

    conn = sqlite3.connect("uHubDatabase.db")
    cursor = conn.cursor() #connects to database

    find_user=("SELECT Username FROM UserTable WHERE Username = ?") #sets the finding of the username from the database as a varaible 
    cursor.execute(find_user,[(usr)])


    founduser = str(cursor.fetchall())
    print(founduser)
    removechars = "'(),[]" #Avoids the error of special characters caused by the database outputting strings (Text)
    for char in removechars:
        founduser = founduser.replace(char,'')

    find_pass=("SELECT Password FROM UserTable WHERE Password = ?") #sets the finding of the password from the database as a varaible 
    cursor.execute(find_pass,[(pwd)])

    foundpass = str(cursor.fetchall())
    print(foundpass)
    removechars = "'(),[]" #Avoids the error of special characters caused by the database outputting strings (Text)
    for char in removechars:
        foundpass = foundpass.replace(char,'')

    pwdencypt = hashlib.md5(pwd) #makes the encypted password using md5 hashing
    print(pwdencypt.hexdigest()) # checks the string for comparison

    print(founduser) 
    print(usr) 
    print(foundpass) 
    print(pwd) 

    if founduser == usr and foundpass == pwdencypt: # If correct
        print("SUCESS")
        login.stop()
        home.go()

    else: #if incorrect
        print("FAIL")
        login.retryBox("INCORRECT LOGIN", "The Username or Password entered are incorrect. Please try again.", parent=login)
    print("User:", usr, "Pass:", pwd)

    conn.close() #closes connection
Improve this question
1
  • DO NOT USE MD5 TO HASH PASSWORDS. Do not use only a single round of any hash to hash passwords. Do use BCrypt, SCrypt, PBKDF2, or Argon2 with a sufficiently high iteration count/work factor to hash passwords. Commented Jan 10, 2018 at 5:06

3 Answers 3

Reset to default
1

Before hashing a string variable you should encode it first.

Example:

a = "123321"
print(hashlib.md5(a.encode('utf-8')).hexdigest())
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

this gives me an error AttributeError: 'bytes' object has no attribute 'hexdigest'
1

DO NOT USE MD5 FOR HASHING PASSWORDS

It is extremely insecure for a wide number of reasons, not the least of which being that a single iteration of any hash is insufficient, and another of which is that MD5 collisions can now be generated (and have been able to be generated for years).

Use PBKDF2, BCrypt, SCrypt, or Argon2 with a high iteration count/work factor to hash passwords.

Note that I do have a crude but functional Python 2.7 example of PBKDF2 in my Github repository. An example of a call is:

BinaryOutput = pbkdf2_math.pbkdf2_bin(args.password, args.salt, args.iterations, args.outputBytes, hashlib.sha512)

Alternately, use passlib for Python 2 and 3 to call PBKDF2, BCrypt, SCrypt, or Argon2.

In ALL cases, use a sufficiently high iteration count or work factor; start with, perhaps, whatever takes 1/10th or 1/100th of one second to hash a single password (and that'll be using only one core on your system, so multi-core system can do multiple passwords at once).

Improve this answer

Comments

0

You don't need b()

import hashlib
pwd = "Password"
foundpassencypt = hashlib.md5(pwd.encode('utf-8'))
print(foundpassencypt.hexdigest())

Output:

dc647eb65e6711e155375218212b3964

UPD. Hashing algortithm doesn't support unicode so you have to encode your sring. See python issue2948 for details

Improve this answer

11 Comments

TypeError: Unicode-objects must be encoded before hashing
Then you need to encode it as the hashing algorithm doesn't support unicode. You still won't need b
How do i "encode it as the hashing algorithm doesn't support unicode."?
I've included it into the code above, pwd.encode('utf-8') part
the other answer has that as well
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.