1

I'm trying to make a Login programme in Python using the Tkinter GUI, and using hashlib MD5 to hash the password. Here is my code for Account Creation.

def AccountEntry():
    tk.Label(m, text = "Account Creation").grid(row =2 ,column =1)
    tk.Label(m, text = "Enter name").grid(row = 3, column = 0)
    ename = tk.Entry(m)
    ename.grid(row = 3, column = 1)
    tk.Label(m, text = "Enter password").grid(row = 4,column = 0)
    epassword = tk.Entry(m, show = "*")
    epassword.grid(row = 4, column = 1)
    tk.Button(m, text = "Submit", command = lambda:Account(epassword,ename)).grid(row = 5, column = 1)

def Account(epassword,ename):
    name = ename.get()
    password = epassword.get()
    bytepass = bytes(password, 'utf-8')
    hexpass = str(hashlib.md5(bytepass))
    enter_table = (name,hexpass)
    cursor.execute("insert into lusers(name, hexpass) values(%s,%s)",(enter_table))
    db.commit()
    tk.Label(m, text = "Successfully made account").grid(row = 6, column = 1)

The problem is basically that the md5 function returns different values. So the first time I press "submit" it returns 'md5 HASH object @ 0x03845C68' but it returns 'md5 HASH object @ 0x03845DE8' from the second time onwards when I press "submit" with the same name and password. This creates a problem as in order to Login, the programme takes the password, uses the hash function again and then compares the new hash object to the one in the database, which are different since it messes up the values in the Account Creation.

I suspect that the str(hashlib.md5(bytepass)) could have something to do with it since it was doing the same thing in the Login until I removed str(), but I need to convert the hash object to a string to put it in MySQL.

Improve this question
3
  • 1
    Those numbers are memory addresses of the objects, not the hashed value. Can you print a string of the hash to check? See answer by @chepner Commented Nov 4, 2019 at 20:59
  • 1
    Use hashlib.md5(value).hexdigest() instead of str(...). Commented Nov 4, 2019 at 21:01
  • You should consider using an existing framework or reading about best practices for authentication... I'm not an expert but for starters unsalted password are a big no, so is doing a single hash round. There are hash functions made specifically for password hashing... Commented Nov 4, 2019 at 22:11

1 Answer 1

Reset to default
0

You aren't getting the md5 hash from that call; you are getting an object that has a method that can return the md5 hash.

hexpass = hashlib.md5(bytepass).hexdigest()
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

If I try to put that in MySQL it gives the Type Error: Python 'builtin_function_or_method' cannot be converted to a MySQL type
You appear to be missing parentheses somewhere; are you using hexdigest or hexdigest()?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.