Reputation: 19827
I would like to use bcrypt to hash passwords and later verify if a supplied password is correct.
Hashing passwords is easy:
import bcrypt
password = u'foobar'  # py-bcrypt accepts a str here; the newer bcrypt package requires bytes
password_hashed = bcrypt.hashpw(password, bcrypt.gensalt())
# then store password_hashed in a database
How can I compare a plain text password to the stored hash?
Upvotes: 40
Views: 50008
Reputation: 135
First retrieve the hashed password from the database.
import bcrypt
hashed_pwd = ...
plain_text_pwd = 'my_password'
pwd_bytes = plain_text_pwd.encode('utf-8')
Assuming your password hash is stored in text format in your DB, compare them like so:
if bcrypt.hashpw(pwd_bytes, hashed_pwd.encode('utf-8')).decode('utf-8') == hashed_pwd:
    print('Login successful')
If it is stored as bytes (blob), compare like so:
if bcrypt.hashpw(pwd_bytes, hashed_pwd) == hashed_pwd:
    print('Login successful')
Upvotes: 0
Reputation: 35
I think this one will work better:
import bcrypt
# rserver and rsalt are assumed to be redis clients that return str values
for key in rserver.keys():
    salt = bcrypt.gensalt(12)
    mdp_hash = rserver.get(key)
    # hash with the same salt that is stored alongside, not a second fresh one
    rserver.set(key, bcrypt.hashpw(mdp_hash.encode(), salt))
    rsalt.set(key, salt)
Upvotes: 0
Reputation: 15490
I'm not familiar with Python but I think you can use:
public static boolean checkpw(java.lang.String plaintext,
                              java.lang.String hashed)
# Check that an unencrypted password matches one that has
# previously been hashed.
if bcrypt.checkpw(plaintext, hashed):
    print("It matches")
else:
    print("It does not match")
Upvotes: 7
Reputation: 746
With py-bcrypt, you don't need to store the salt separately: bcrypt stores the salt in the hash.
You can simply use the hash as a salt, and the salt is stored in the beginning of the hash.
>>> import bcrypt
>>> salt = bcrypt.gensalt()
>>> hashed = bcrypt.hashpw('secret', salt)
>>> hashed.find(salt)
0
>>> hashed == bcrypt.hashpw('secret', hashed)
True
>>>
Upvotes: 73
Reputation: 527238
Later, let's say you have a user-input password user_pass. You'd hash that as well, and then compare the hash with the stored hash; if they match, then the original passwords also matched.
Note that bcrypt automatically stores the salt value as part of the hashed password, so that you can use it when you hash the future input as well.
First time around:
import bcrypt
password = u'foobar'
salt = bcrypt.gensalt()
password_hashed = bcrypt.hashpw(password, salt)
# store 'password_hashed' in a database of your choosing
Later times:
import bcrypt
password = something_that_gets_input()
stored_hash = something_that_gets_this_from_the_db()
if bcrypt.hashpw(password, stored_hash) == stored_hash:
    pass  # password matches
Upvotes: 6
Reputation:
The documentation doesn't mention storing the salt, it says you just have to:
import bcrypt
# Initial generation
hashed = bcrypt.hashpw(password, bcrypt.gensalt())
# Store hashed in your db

# Load hashed from the db and check the provided password
if bcrypt.hashpw(password, hashed) == hashed:
    print("It matches")
else:
    print("It does not match")
http://www.mindrot.org/projects/py-bcrypt/
Upvotes: 19
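The verification pattern the answers above share, as an added example that is not code from any of the posts or from py-bcrypt: it parses a stored bcrypt hash to show that its first 29 characters are the version, cost and salt that hashpw() reuses, accepts the hash as either str or bytes (the two storage cases discussed above), and compares in constant time. `hashpw` is any callable with bcrypt.hashpw's signature (bytes, bytes) -> bytes; the `__main__` section assumes the `bcrypt` package is installed.

```python
import hmac
import re

# bcrypt modular-crypt format: $<version>$<cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")


def parse_bcrypt_hash(stored):
    """Split a stored bcrypt hash (str or bytes) into version, cost, salt prefix, digest."""
    text = stored.decode("ascii") if isinstance(stored, bytes) else stored
    m = _BCRYPT_RE.match(text)
    if m is None:
        raise ValueError("not a bcrypt modular-crypt-format hash")
    version, cost, salt, digest = m.groups()
    return {
        "version": version,
        "cost": int(cost),
        # the 29-char prefix that hashpw() reads back when given the whole hash as salt
        "salt": "$%s$%s$%s" % (version, cost, salt),
        "digest": digest,
    }


def verify_password(plain, stored, hashpw):
    """Return True if `plain` matches `stored`, whether the DB returned str or bytes."""
    if isinstance(plain, str):
        plain = plain.encode("utf-8")      # hashpw wants bytes
    if isinstance(stored, str):
        stored = stored.encode("ascii")    # hash text is pure ASCII
    parse_bcrypt_hash(stored)              # reject malformed input before hashing
    candidate = hashpw(plain, stored)      # the stored hash doubles as the salt
    # constant-time comparison, which is what bcrypt.checkpw does internally
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    import bcrypt  # assumed installed: pip install bcrypt
    stored = bcrypt.hashpw(b"foobar", bcrypt.gensalt(12))
    print(parse_bcrypt_hash(stored)["cost"])                          # 12
    print(verify_password("foobar", stored, bcrypt.hashpw))           # True
    print(verify_password("foobaz", stored.decode(), bcrypt.hashpw))  # False
```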