Python md5 password value

Question

I have this change password request form.In which the user enter their oldpasswords.

this oldpassword is the md5 format.

How to compare the md5 value from db to the oldpassword entered by user

 import md5

 oldpasswd_byuser=str("tom")
 oldpasswd_db="sha1$c60da$1835a9c3ccb1cc436ccaa577679b5d0321234c6f"
 opw=     md5.new(oldpasswd_byuser)
 #opw=     md5.new(oldpasswd_byuser).hexdigest()
 if(opw ==      oldpasswd_db):
    print "same password"
 else:
     print "Invalid password" 

Answer 1

to compare the value of your current password to the password stored in the database you can do:

import md5

input_password = request.POST['password']
md5_hashed_input_password = md5.new(input_password).hexdigest()
#comapre the value to that stored in db
if md5_hashed_input_password == db_password:  #password in db should be stored in md5 hash format
    print 'password match'
else:
    print 'password mismatch'

Answer 2

the hash you put in there is a salted sha1 hexdigest as django (and probably many others) stores it by default.

the code to verify it is in contrib/auth/models.py. From there you can see that django works with md5 by default. All you have to do is to update the old hashes to the following form:

md5$<salt>$<hash>

if your hashes aren't salted yet leave the salt empty (md5$$<hash>), but update the hash to sha1 the next time the user performs a valid login.

Answer 3

I don't think that oldpasswd_db is a MD5. It more looks like a combination of hash method (SHA1 in this case), a salt and the password hash itself.

Try to concatenate the salt value with the password:

import hashlib
hashlib.sha1('c60datom').hexdigest()

Answer 4

It's not md5, it's sha1 - "sha1$xxx.

You'd have to use sha1 functions instead. There is a documentation on this at http://docs.python.org/library/sha.html