MFB - 3 years ago
Python Question

How to compare "plain text passwords" VS "hashed passwords", using bcrypt?

I would like to use py-bcrypt to create hashes for passwords, in order to store the hashes in a db.

To create the password hash and to store in the database is easy:

import bcrypt

password = u'foobar'
# bcrypt works on bytes, so encode the unicode password first;
# gensalt() picks a fresh random salt for every call
password_hashed = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())

# then store password_hashed in the db

But how to read and compare, in order to determine if a password is correct?

This is where I'm stuck. Any help would be awesome!

Answer Source

With py-bcrypt, you don't need to store the salt separately: bcrypt stores the salt in the hash.

You can simply use the hash as a salt, since the salt is stored at the beginning of the hash.

>>> import bcrypt
>>> salt = bcrypt.gensalt()
>>> hashed = bcrypt.hashpw(b'secret', salt)
>>> hashed.find(salt)   # the salt is the prefix of the stored hash
0
>>> hashed == bcrypt.hashpw(b'secret', hashed)   # re-hash using the stored hash as the "salt"
True
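The recipe above works because a bcrypt hash string carries its own version, cost and salt in a fixed-width prefix, and hashpw() only reads that prefix from whatever it is given as the salt. The following added example (not part of the question or answer) parses that prefix with the standard library alone and wraps the answer's hash/verify steps in two helpers that use the `bcrypt` package (assumed installed) with a constant-time comparison; the sample hash string is a constructed input for the parser.

```python
import hmac
import re

# bcrypt "modular crypt format": $<version>$<cost>$<22-char salt><31-char digest>
# The first 29 bytes (version, cost, salt) are all that hashpw() reads from a "salt".
_BCRYPT_RE = re.compile(
    rb'^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$'
)

# Constructed sample hash used only to exercise the parser (cost 6).
SAMPLE_HASH = b"$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s."


def parse_bcrypt_hash(hashed: bytes) -> dict:
    """Split a stored bcrypt string into its parts; raises on anything else."""
    m = _BCRYPT_RE.match(hashed)
    if not m:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = m.groups()
    return {
        "version": version.decode(),
        "cost": int(cost),          # work factor: 2**cost rounds
        "salt": salt,               # 16 random bytes, radix-64 encoded
        "digest": digest,
        "salt_prefix": hashed[:29], # what hashpw(pw, hashed) actually consumes
    }


def bcrypt_available() -> bool:
    try:
        import bcrypt  # noqa: F401
        return True
    except ImportError:
        return False


def hash_password(password: str, rounds: int = 12) -> bytes:
    """Hash for storage; the returned string already embeds the salt."""
    import bcrypt
    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt(rounds))


def verify_password(password: str, stored_hash: bytes) -> bool:
    """The answer's check: re-hash with the stored hash as salt, compare."""
    import bcrypt
    parse_bcrypt_hash(stored_hash)  # reject corrupted/non-bcrypt records early
    candidate = bcrypt.hashpw(password.encode("utf-8"), stored_hash)
    # constant-time compare; modern bcrypt.checkpw() does the same internally
    return hmac.compare_digest(candidate, stored_hash)
```

Storing only `hash_password()`'s output and calling `verify_password()` at login is the whole workflow; there is no separate salt column to manage.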