Compare 2 sha512 hash passed as input in python

Question

I have 2 hashes which i need to compare.1 is coming from an API, other i have calculated internally
I am aware that 2 sha512 can be compared using

input1.digest() == input2.digest()

where both inputs are sha512 hash.My problem here is that since i am getting 1 of them from an API, it is of string format and strings don't have digest :

*** AttributeError: 'str' object has no attribute 'digest'

I thought this would work :

if(calculated_hash != input_hash):
    return False
return True

how hash is getting generated internally for one of the test cases:

hash_val = sha512(parameters.encode('utf-8') + salt.encode('utf-8')).hexdigest()

But since hash is new every-time, this is not working.

How can i compare these 2 hashes under given scenario?

EDIT :

there was a dynamic timestamp in input because of which there was a difference in hash recieved vc hash generated from params recived.But, i am still getting the value as False on comparing hexdigest!! :\

Answer 1

secrets module in python provides a function, 'compare_digest', which can also be used to compare two 'sha' family hash functions' digests and hexdigests. Here is an example.

import hashlib, secrets

data_1 = b'Hello'
sha256_1 = hashlib.sha256(data_1).digest()

data_2 = b'Hello'
sha256_2 = hashlib.sha256(data_2).digest()

data_3 = b'However'
sha256_3 = hashlib.sha256(data_3).digest()

print(secrets.compare_digest(data_1, data_2)) #True
print(secrets.compare_digest(data_1, data_3)) #False

Answer 2

Add the exact values of input1 and input2 to the question.

The only way hash outputs can differ is if the input strings are different, and it seems to me you have a parameter whose value is erroneously being changed every time at runtime. If I were in your shoes, I would check for some timestamp or request randomnumber etc being fed into the SHA calculation every time, which is different for each request.

Edit:

As the OP mentions, this was an issue with a dynamic timestamp being present in the input string. As for using the bytes function, it is not really needed for strings and comparing direct sha512(input).hexdigest should work.

Answer 3

Since input1 is from an API and is a str, it needs to be fed into the actual hash function. Looking at the documentation (https://docs.python.org/3/library/hashlib.html) we can see that something like

...
h1 = hashlib.sha512(bytes(input1))
return h1.digest() == input2.digest()

We need to convert input1 from strto bytes because the hash function expects an input that is bytes-like. However, depending on your Python version (2.X instead of 3.X) this conversion isn't necessary since strings are bytes by default.

Answer 4

Please use type to check your object.

Suppose you are sure that your objects are hash, the expression is definitely correct:

input1.digest() == input2.digest()

If the object isn't <type '_hashlib.HASH'> but it is string, you first should hash the object, and then compare the objects.

input1 = hashlib.sha512(input1)
input1.digest() == input2.digest()

Answer 5

I suspect that you want:

if calculated_hash.digest() != input_hash:
    return False
return True

But it's difficult to say without seeing more of the code.

Answer 6

What i think this should work:

input1 == input2.digest()

Because, digest will produce string. And you getting input1 from api that's string.

Demo:

>>> import hashlib
>>> hash =hashlib.sha512("hello")
>>> type(hash)
<type '_hashlib.HASH'>
>>> type(hash.digest())
<type 'str'>
>>> print hash.digest()
?q?$?b?x]??j??=s1??
                    ?????%g<?##?ٛ??|z?n???
                                         FcG\.\:??os???C
>>> hash.hexdigest()
'9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043'

May be you need to use hexdigest().