How to hash passwords using Python?

Deepak Radhakrishnan

As soon as an application starts accepting logins, it has to decide how to store its users' passwords. Every modern application needs to protect those passwords at rest, and the right tool is not encryption but a slow, salted, one-way password hash: the application never needs the plaintext back, it only needs to answer the question "does this attempt match what the user set earlier?"

There are inherent reasons for this: our data stores can be breached and our communications intercepted. But the vital reason is that we have to treat our users' passwords as sensitive secrets. A password is the user's key to their privacy, so it is personal, it is sensitive, and no one (not even us) has the right to know it. A one-way hash honours that: even with full access to the database, we cannot recover the password, and neither can whoever steals a copy of it. We must honour this if we want to earn our users' trust.


Overview

We will be using the Passlib library here for hashing the password. Security-wise, PBKDF2 (standardised in RFC 8018 and recommended in NIST SP 800-132) is one of the established key derivation functions and has no known security issues. Although the original PBKDF2 specification uses the SHA-1 message digest, it uses it inside HMAC, where only preimage resistance matters, so the construction is not affected by the known SHA-1 collision weaknesses and can still be safely used. The one caveat worth knowing is that PBKDF2 is purely CPU-bound: attackers with GPUs or custom hardware parallelise it well, so the round count has to be kept high and raised over time, and a memory-hard scheme such as argon2 (which Passlib also supports) resists such attackers better for new systems.

However, for those still concerned about SHA-1, SHA-256 and SHA-512 variants are offered as well. Passlib provides three custom hash schemes based on the PBKDF2 algorithm, all compatible with the modular crypt format, in which the scheme name, round count, salt and checksum are stored together in a single dollar-separated string, so a stored hash carries everything needed to verify it later:

  • pbkdf2_sha1
  • pbkdf2_sha256
  • pbkdf2_sha512

By the end of this tutorial you will know how to hash a password with Passlib and how to verify a submitted password against the stored hash during authentication.

Installation

pip install passlib

Let's hash

Before hashing, we have to prepare the password context, which holds the allowed schemes, the default scheme and the number of rounds (PBKDF2 iterations). The round count is the work factor: a higher value makes every guess more expensive for an attacker, at the price of a slightly slower login for you, so it should be set as high as your login latency budget allows.

For reuse, I have wrapped this in a method that accepts the password and returns the hashed password, so that I can simply call the method throughout the program.

from passlib.context import CryptContext

# The context fixes which schemes are accepted and how new hashes are made.
# 30000 rounds is the value used on this page; current guidance (OWASP
# Password Storage Cheat Sheet) is around 600000 for PBKDF2-HMAC-SHA256,
# so raise it as far as your login latency allows.
pwd_context = CryptContext(
        schemes=["pbkdf2_sha256"],
        default="pbkdf2_sha256",
        pbkdf2_sha256__default_rounds=30000
)

# Hash a password: Passlib generates a fresh random salt for every call.
def encrypt_password(password):
    return pwd_context.hash(password)


##### Hashing ###########

user_pwd='testpassword'
hashed_user_pwd=encrypt_password(user_pwd)

print(hashed_user_pwd)

Output (the salt is random, so your string will differ; the fields are scheme, rounds, salt and checksum):
>>> print(hashed_user_pwd)
$pbkdf2-sha256$30000$gVCK8f7/X0vJ2Ruj9J5TCg$LWUw2xCwYXJvMSBWWojPCDzEBc/GIXV20q6Uo4n94Fk

Matching Passwords

For authentication we need to check whether the password the user entered matches the one we stored. We cannot (and should not be able to) reverse the hash, so the check runs the other way: Passlib reads the rounds and the salt out of the stored string, runs the entered password through the same PBKDF2 computation, and compares the result with the stored checksum in constant time. For this I have written a method "check_encrypted_password", which accepts the user-entered password as its first argument and the hash we stored earlier as its second argument. It returns True if the passwords match and False if they do not.

from passlib.context import CryptContext

#defining password context (see the note on the round count above)
pwd_context = CryptContext(
        schemes=["pbkdf2_sha256"],
        default="pbkdf2_sha256",
        pbkdf2_sha256__default_rounds=30000
)

#hashing method: new random salt on every call
def encrypt_password(password):
    return pwd_context.hash(password)

#verifying method: nothing is decrypted here. verify() re-derives the
#checksum from the entered password with the salt and rounds stored in
#the hash string and compares the two in constant time.
def check_encrypted_password(password, hashed):
    return pwd_context.verify(password, hashed)

##### Hashing ###########

user_pwd='testpassword'
hashed_user_pwd=encrypt_password(user_pwd)

print(hashed_user_pwd)

######### Password matching #########

if check_encrypted_password(user_pwd,hashed_user_pwd):
    print("Authenticated-passwords are matching")
else:
    print("Authentication Failed-passwords are not matching")
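To make visible what CryptContext does behind hash() and verify(), both in the hashing step above and in the matching step, here is an added example of my own: it is not code from the original post and not Passlib's code. It reproduces the pbkdf2_sha256 scheme with the standard library only: a random salt, the checksum from hashlib.pbkdf2_hmac, the same $pbkdf2-sha256$rounds$salt$checksum layout, verification by re-deriving and comparing with hmac.compare_digest, and a rehash-on-login policy for records whose round count has fallen below what you now require. The adapted base64 encoding ('+' replaced by '.', padding dropped) and the string layout follow Passlib's documentation as I read it; treat byte-for-byte compatibility with real Passlib output as an assumption to confirm before mixing the two in one user table. DEFAULT_ROUNDS, MIN_ROUNDS and the login() helper are my own illustrative choices.

```python
"""Stand-alone illustration of the pbkdf2_sha256 password scheme.

Added example, not Passlib code: it shows with the standard library what
CryptContext(schemes=["pbkdf2_sha256"]) does, so that the stored string,
the salt handling and the constant-time comparison are visible. The
layout ($pbkdf2-sha256$rounds$salt$checksum, salt and checksum in
"adapted base64": '+' -> '.', no padding) follows Passlib's documented
format; treat compatibility with real Passlib output as an assumption.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

DIGEST = "sha256"
# Passlib's own default for pbkdf2_sha256 is roughly 29000 rounds; the OWASP
# Password Storage Cheat Sheet recommends 600000 for PBKDF2-HMAC-SHA256.
DEFAULT_ROUNDS = 600_000
MIN_ROUNDS = 30_000      # illustrative policy floor used by needs_rehash() (assumption)
SALT_BYTES = 16


def ab64_encode(raw: bytes) -> str:
    """Adapted base64: standard alphabet with '+' replaced by '.', padding stripped."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")


def ab64_decode(text: str) -> bytes:
    """Inverse of ab64_encode; restores the padding before decoding."""
    text = text.replace(".", "+")
    return base64.b64decode(text + "=" * (-len(text) % 4))


def hash_password(password: str, rounds: int = DEFAULT_ROUNDS,
                  salt: Optional[bytes] = None) -> str:
    """Return a $pbkdf2-sha256$... string; a fresh random salt unless one is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # unique salt per password, as Passlib does
    dk = hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"), salt, rounds)
    return f"$pbkdf2-{DIGEST}${rounds}${ab64_encode(salt)}${ab64_encode(dk)}"


def parse_hash(stored: str) -> Tuple[int, bytes, bytes]:
    """Split a stored string into (rounds, salt, checksum); ValueError if malformed."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != f"pbkdf2-{DIGEST}":
        raise ValueError("not a pbkdf2-sha256 hash string")
    rounds = int(parts[2])
    if rounds < 1:
        raise ValueError("invalid round count")
    return rounds, ab64_decode(parts[3]), ab64_decode(parts[4])


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and rounds, then compare in constant time.

    Nothing is decrypted: the checksum cannot be turned back into the
    password, it can only be recomputed from a candidate and compared.
    """
    try:
        rounds, salt, expected = parse_hash(stored)
    except ValueError:          # malformed record: fail closed, never raise to the user
        return False
    candidate = hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, min_rounds: int = MIN_ROUNDS) -> bool:
    """True when the stored record uses fewer rounds than current policy allows."""
    rounds, _, _ = parse_hash(stored)
    return rounds < min_rounds


def login(password: str, stored: str, min_rounds: int = MIN_ROUNDS) -> Tuple[bool, str]:
    """Authenticate and return (ok, record_to_store).

    Right after a successful verification the plaintext is in hand, which is
    the only moment an under-strength record can be upgraded transparently.
    """
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored, min_rounds):
        return True, hash_password(password, rounds=min_rounds)
    return True, stored


if __name__ == "__main__":
    # Constructed sample, not a real credential; 30000 rounds as on this page.
    record = hash_password("testpassword", rounds=30_000)
    print(record)
    print("correct password:", verify_password("testpassword", record))
    print("wrong password:  ", verify_password("Testpassword", record))
    print("below 600k policy:", needs_rehash(record, 600_000))
```

The rehash path is the part most tutorials leave out: a hash written with 30000 rounds stays at 30000 rounds until someone recomputes it, and only a successful login gives you the plaintext to do so. With Passlib itself the equivalent is to build the context with deprecated="auto" and call pwd_context.verify_and_update(password, hashed), which returns the verification result together with a replacement hash whenever the stored one no longer meets the context's policy.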

Conclusion

We have learned how to hash passwords in Python with Passlib's PBKDF2 schemes and how to verify a submitted password against the stored hash for authentication. Remember that the stored string is one-way: there is no decryption step, and that is exactly the property that protects your users if the database ever leaks.
