如何使用Bcrypt加密Django中的密码

概述我正在尝试使用Bcrypt加密用户在注册时提供的密码,然后使用Bcrypt验证用户在登录时存储在数据库中的散列版本时提供的密码. 有关如何通过Django docs安装Bcrypt的一些非常好的文档,但它们实际上并没有向您展示如何使用Bcrypt来散列密码或使用其他命令. 你需要从某个地方导入Brcrypt吗？如果是这样,它的正确语法是什么？散列密码和将散列密码与非散列密码进行比较的语法是什么？ 我正在尝试使用Bcrypt加密用户在注册时提供的密码,然后使用Bcrypt验证用户在登录时存储在数据库中的散列版本时提供的密码.

有关如何通过Django docs安装Bcrypt的一些非常好的文档,但它们实际上并没有向您展示如何使用Bcrypt来散列密码或使用其他命令.

你需要从某个地方导入Brcrypt吗？如果是这样,它的正确语法是什么？散列密码和将散列密码与非散列密码进行比较的语法是什么？

我在settings.py文件中安装了Bcrypted库,并通过pip安装了Bcrypt.使用Bcrypt还需要做什么？

解决方法 在你的链接：

The password attribute of a User object is a string in this format:

<algorithm>$<iterations>$<salt>$<hash> Those are the components used
for storing a User’s password,separated by the dollar-sign character
and consist of: the hashing algorithm,the number of algorithm
iterations (work factor),the random salt,and the resulting password
hash. The algorithm is one of a number of one-way hashing or password
storage algorithms Django can use; see below. Iterations describe the
number of times the algorithm is run over the hash. Salt is the random
seed used and the hash is the result of the one-way function.

I installed the Bcrypted library in the settings.py file…
What else do I need to do to use Bcrypt?

我不确定第一句话是什么意思.您需要在settings.py中添加以下内容：

PASSWORD_HASHERS = (    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.BCryptPasswordHasher','django.contrib.auth.hashers.PBKDF2PasswordHasher','django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher','django.contrib.auth.hashers.SHA1PasswordHasher','django.contrib.auth.hashers.MD5PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher',)

use Bcrypt to valIDate a password a user provIDes upon login against
the hashed version stored in the database.

您可以手动执行此 *** 作：

The django.contrib.auth.hashers module provIDes a set of functions to
create and valIDate hashed password. You can use them independently
from the User model.

check_password(password,encoded)
If you’d like to manually authenticate a user by comparing a plain-text password to the hashed
password in the database,use the convenIEnce function
check_password(). It takes two arguments: the plain-text password to
check,and the full value of a user’s password fIEld in the database
to check against,and returns True if they match,False otherwise.

https://docs.djangoproject.com/en/1.9/topics/auth/passwords/#module-django.contrib.auth.hashers

或者,您可以使用authenticate()：

authenticate(**credentials)
To authenticate a given username and password,use authenticate(). It takes credentials in the form of
keyword arguments,for the default configuration this is username and
password,and it returns a User object if the password is valID for
the given username. If the password is invalID,authenticate() returns
None. Example:

06001

https://docs.djangoproject.com/en/1.9/topics/auth/default/#authenticating-users

这里有些例子：

(django186p34)~/django_projects/dj1$python manage.py shellPython 3.4.3 (v3.4.3:9b73f1c3e601,Feb 23 2015,02:52:03) [GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwinType "help","copyright","credits" or "license" for more information.(InteractiveConsole)>>> from django.conf import settings>>> print(settings.PASSWORD_HASHERS)('django.contrib.auth.hashers.PBKDF2PasswordHasher','django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher','django.contrib.auth.hashers.UnsaltedMD5PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher')

这些是默认值：我的settings.py中没有PASSWORD_HASHERS条目.

>>> from django.contrib.auth.models import User>>> my_user = User.objects.create_user('ea87','ea@gmail.com','666monkeysAndDogs777')>>> my_user.save()>>> my_user.password'pbkdf2_sha256000$L7uq6goI1HIl$RYqywMgPywhhku/YqIxWKbpxODBeczfLm5zthHjNSSk='>>> my_user.username'ea87'>>> from django.contrib.auth import authenticate>>> authenticate(username='ea87',password='666monkeysAndDogs777')<User: ea87>>>> print(authenticate(username='ea87',password='wrong password'))None>>> from django.contrib.auth.hashers import check_password>>> check_password('666monkeysAndDogs777',my_user.password)True>>> exit()

接下来,我将以下内容添加到settings.py中：

PASSWORD_HASHERS = (    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',)

(django186p34)~/django_projects/dj1$python manage.py shellPython 3.4.3 (v3.4.3:9b73f1c3e601,"credits" or "license" for more information.(InteractiveConsole)>>> from django.conf import settings>>> print(settings.PASSWORD_HASHERS)('django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher')

注意元组前面的bcrypt哈希.

>>> from django.contrib.auth.models import User>>> user = User.objects.get(username='ea87')>>> user<User: ea87>>>> user.password'pbkdf2_sha256000$DS20ZOCWTBFN$AFfzg3iC24Pkj5UtEu3O+J8KOVBQvaLVx43D0Wsr4PY='>>> user.set_password('666monkeysAndDogs777')>>> user.password'bcrypt_sha256$b$QeWvpi7hQ8cPQBF0LzD4C.89R81AV4PxK0kjVXG73fkLoQxYBunDW'

您可以看到密码已更改为bcrypt版本.

总结

以上是内存溢出为你收集整理的如何使用Bcrypt加密Django中的密码全部内容，希望文章能够帮你解决如何使用Bcrypt加密Django中的密码所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。