saniaxxx26

Reputation: 472

python password generator for django

How can I manually generate a password for Django? For example, in another application, but using the same database as Django. For username 'admin', a password like this:

pbkdf2_sha256$10000$T0BzrDwfZSrI$pSgvDEam9V9jcdYpYDVkYMMwtSnRrFdf6Aqow82Tjr8=

Upvotes: 12

Views: 16333

Answers (3)

Alejandro Barone

Reputation: 2151

I have this working Node script, maybe it can help someone out there:

const crypto = require('crypto');

const djangoIterations = 260000; // Default for Django 3.2 (it's increased to 480000 for new Django versions)

function generateSalt(length) {
  return crypto.randomBytes(length).toString('base64');
}

function djangoHash(password, iterations = djangoIterations, salt = generateSalt(12)) {
  return new Promise((resolve, reject) => {
    const keylen = 32;
    const digest = 'sha256';
    console.log(`Hashing password with ${iterations} iterations`);
    console.log(`Salt: ${salt}`);
    crypto.pbkdf2(password, salt, iterations, keylen, digest, (err, derivedKey) => {
      if (err) reject(err);
      else resolve({
        algorithm: 'pbkdf2_sha256',
        iterations: iterations,
        salt: salt,
        hash: derivedKey.toString('base64'),
      });
    });
  });
}

djangoHash('my_password').then(({algorithm, iterations, salt, hash}) => {
  console.log(`Hash ${hash}`);
  const fullHash = `${algorithm}$${iterations}$${salt}$${hash}`;
  console.log(fullHash);
}).catch(err => {
  console.error(err);
});

Cheers!

Upvotes: 0

Emil Davtyan

Reputation: 14089

I think this may be what you are looking for:

Manually managing a user’s password

make_password(password[, salt, hashers])

Creates a hashed password in the format used by this application. It takes one mandatory argument: the password in plain-text. Optionally, you can provide a salt and a hashing algorithm to use, if you don’t want to use the defaults (first entry of PASSWORD_HASHERS setting). Currently supported algorithms are: 'pbkdf2_sha256', 'pbkdf2_sha1', 'bcrypt_sha256' (see Using bcrypt with Django), 'bcrypt', 'sha1', 'md5', 'unsalted_md5' (only for backward compatibility) and 'crypt' if you have the crypt library installed. If the password argument is None, an unusable password is returned (a one that will be never accepted by check_password()).


I want to write a function to use without Django

Well, luckily Django is open source, so you can go and take what you need. The function's source is visible here.

Upvotes: 16
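A standard-library sketch of the `pbkdf2_sha256$iterations$salt$hash` layout shown in the question, added here as an example; it is not part of any answer and is not Django's own code. The 12-character alphanumeric salt (matching the length of the salt in the question's hash), the 260000 default taken from the Node answer, and the helper name `parse_hash` are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets
import string

ALGORITHM = "pbkdf2_sha256"
SALT_CHARS = string.ascii_letters + string.digits  # never '$', the field separator


def parse_hash(encoded):
    """Split 'algorithm$iterations$salt$hash' into typed fields (hypothetical helper)."""
    algorithm, iterations, salt, digest = encoded.split("$", 3)
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported algorithm: {algorithm!r}")
    iterations = int(iterations)
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    return algorithm, iterations, salt, digest


def make_password(password, salt=None, iterations=260000):
    """Encode a password in the four-field layout from the question."""
    if salt is None:
        # Assumption: 12 random alphanumeric characters from the OS CSPRNG.
        salt = "".join(secrets.choice(SALT_CHARS) for _ in range(12))
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    # The salt is fed to PBKDF2 as the bytes of its text form, not decoded.
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), iterations
    )
    digest = base64.b64encode(derived).decode("ascii")
    return f"{ALGORITHM}${iterations}${salt}${digest}"


def check_password(password, encoded):
    """Re-derive with the stored salt and iterations; compare in constant time."""
    try:
        _, iterations, salt, _ = parse_hash(encoded)
    except ValueError:
        return False  # malformed or foreign-format values never verify
    candidate = make_password(password, salt, iterations)
    return hmac.compare_digest(candidate.encode(), encoded.encode())


if __name__ == "__main__":
    stored = make_password("correct horse battery staple")  # constructed sample
    print(stored)
    print(check_password("correct horse battery staple", stored))
```

Because the iteration count and salt are read back from the stored string, values written with an older, lower count still verify while new ones use the current default.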

augustomen

Reputation: 9739

The most common (not safest) algorithm for hashing is md5. Extracting a few ideas from Django's password system can be this code:

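import hashlib

def make_password(password):
    """Return the hex MD5 digest of the password (unsalted)."""
    assert password
    # hashlib works on bytes, so encode the text first (required on Python 3)
    hash = hashlib.md5(password.encode('utf-8')).hexdigest()
    return hash

def check_password(hash, password):
    """Generates the hash for a password and compares it."""
    generated_hash = make_password(password)
    return hash == generated_hash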


>>> hash = make_password('hello123')
>>> hash
'f30aa7a662c728b7407c54ae6bfd27d1'
>>> check_password(hash, 'hello123')
True
>>> check_password(hash, 'Hello123')
False

Use make_password to generate a hash and check_password to check if the entered password is the same as the stored one.

As @Emil pointed out, Django supports multiple password hashers such as pbkdf2_sha256 and pbkdf2_sha1, storing the string as a 3-fold value separated by $: algorithm$salt$hash. salt is a randomly generated string to prevent the same password from repeating in the database.

Upvotes: 2
