What is a hash?
H(x) -> y
ex. crc32 – checksums
md5 – fast
sha1 – secure
sha256 – pretty good
Set-Cookie: visits = 5, [hash]
making a hash
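import hashlib

def hash_str(s):
    # Python 3: hash functions take bytes, so encode the string first
    return hashlib.md5(s.encode()).hexdigest()

def make_secure_val(s):
    # cookie value is "value, hash"
    return "%s, %s" % (s, hash_str(s))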
checking correct hash
def check_secure_val(h):
    # h is "value, hash": recompute the hash of the value and compare
    val = h.split(',')[0]
    if h == make_secure_val(val):
        return val
# method of the request handler class
def get(self):
    self.response.headers['Content-Type'] = 'text/plain'
    visits = 0
    visit_cookie_str = self.request.cookies.get('visits')
    if visit_cookie_str:
        # only trust the counter if its hash checks out
        cookie_val = check_secure_val(visit_cookie_str)
        if cookie_val:
            visits = int(cookie_val)
    visits += 1
HMAC is a hash-based message authentication code
hmac(secret, key, h) -> [HASH]
>>> hmac.new(b"secret", b"hoge", hashlib.md5).hexdigest()
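import hashlib
import hmac

SECRET = b'imsosecret'

def hash_str(s):
    # keyed hash: cannot be recomputed without SECRET
    # (Python 3 needs an explicit digest; md5 was the Python 2 default)
    return hmac.new(SECRET, s.encode(), hashlib.md5).hexdigest()

def make_secure_val(s):
    return "%s|%s" % (s, hash_str(s))

def check_secure_val(h):
    val = h.split('|')[0]
    if h == make_secure_val(val):
        return val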
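An added example (not part of the original notes) that carries the HMAC cookie check above a step further: it uses SHA-256 as the digest, compares tags in constant time, and splits on the last '|' so a value containing '|' still verifies. The names sign, verify and read_visits and the key are made up for this example.

```python
import hashlib
import hmac

# Constructed key for this example; a real app loads its key from configuration.
SECRET = b"example-only-secret"


def sign(value, key=SECRET):
    """Return 'value|tag', where tag is the HMAC-SHA256 of value under key."""
    tag = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "%s|%s" % (value, tag)


def verify(cookie, key=SECRET):
    """Return the value if its tag verifies, otherwise None."""
    # Split on the LAST '|' so a value that itself contains '|' still parses.
    value, sep, tag = cookie.rpartition("|")
    if not sep:
        return None  # no delimiter: not a cookie produced by sign()
    expected = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    # compare_digest does not stop at the first differing character.
    if hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        return value
    return None


def read_visits(cookie):
    """Visit counter from a cookie; missing, unsigned or altered cookies give 0."""
    value = verify(cookie) if cookie else None
    return int(value) if value is not None and value.isdecimal() else 0


if __name__ == "__main__":
    good = sign("5")
    altered = "500" + good[1:]  # value changed, original tag kept
    for label, c in [("signed", good), ("altered", altered), ("unsigned", "5")]:
        print(label, "->", read_visits(c))
```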
database should change password hashing
random function in python
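import random
import string

def make_salt():
    # 5 random letters
    return ''.join(random.choice(string.ascii_letters) for x in range(5))

def make_pw_hash(name, pw):
    salt = make_salt()
    h = hashlib.sha256((name + pw + salt).encode()).hexdigest()
    # keep the salt next to the hash so the password can be checked later
    return '%s,%s' % (h, salt)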