如何利用werkzeug.security的check_password_hash函数针对现有的盐腌sha1密码哈希验证正确的密码

Question

我正在开发一个新的python应用程序，该应用程序需要验证我们数据库中现有的用户凭据。我们的许多遗留应用程序都建立在PHP的Symfony框架上，而这些密码散列和盐本来就是该框架的来源。在数据库中，将保留用户的算法（sha1），salt和哈希密码。我试图找出如何结合使用check_password_hash模块的werkzeug.security功能的此信息来正确验证密码。但是，到目前为止，我一直没有成功。

出于演示目的，我创建了一个测试用户，并且数据库包含该用户的以下值。

测试用户值

algorithm：sha1
salt：e40e1e9addc186828a5554a71527342c
password（哈希）：784517f57fbe61179960739e29d7ae925aa4fd5b

测试用户的 实际密码是123456

我尝试了以下方法来验证密码。

注释：
1.哈希格式改编自werkzeug.security文档
2.比较哈希方法从this StackOverflow answer

改编而来

from werkzeug.security import generate_password_hash
from werkzeug.security import check_password_hash

# Attempt 1 - Results in False
check_password_hash('sha1$e40e1e9addc186828a5554a71527342c$784517f57fbe61179960739e29d7ae925aa4fd5b','123456')

# Attempt 2 - Results in False
check_password_hash('pbkdf2:sha1$e40e1e9addc186828a5554a71527342c$784517f57fbe61179960739e29d7ae925aa4fd5b','123456')

# Attempt 3
# Step 1: Append the salt_value to the given password and hash it using the same hash function.
generate_password_hash('123456$e40e1e9addc186828a5554a71527342c','sha1')
# sha1$9lUceSsd$60f7dcb3ff9c22d4613e59fcbfed0c463ee4189e
# Step 2: Compare the hash to the hash in the database
# 60f7dcb3ff9c22d4613e59fcbfed0c463ee4189e != 784517f57fbe61179960739e29d7ae925aa4fd5b

# Attempt 4 - Same steps as Attempt 3 except adding salt_length argument
# Step 1: Append the salt_value to the given password and hash it using the same hash function.  
generate_password_hash('123456$e40e1e9addc186828a5554a71527342c','sha1',len('e40e1e9addc186828a5554a71527342c'))
# sha1$EbPv6DP0wMyu02UpA6ZYazFvvYvZTVI1$b8252583fea027d42af20c0d0f3eac3fbf468bd1
# Step 2: Compare the hash to the hash in the database
# b8252583fea027d42af20c0d0f3eac3fbf468bd1 != 784517f57fbe61179960739e29d7ae925aa4fd5b

任何人都可以对我做错的事情提供一些见解吗？我应该尝试使用passlib这样的其他库吗？我希望这个模块能够满足我的需求，因为我已经创建了一些现有的python应用程序，将其用于 new 用户注册，但是在单独的数据库中。

编辑-显示使用werkzeug.security的{​​{1}}函数的替代方法

check_password_hash

Answer 1

werkzeug.generate_password_hash要生成一个盐值。查看源代码，我们可以看到_hash_internal被生成的盐值调用。

def generate_password_hash(password, method="pbkdf2:sha256", salt_length=8):
    """Hash a password with the given method and salt with a string of
    the given length. The format of the string returned includes the method
    that was used so that :func:`check_password_hash` can check the hash.

    The format for the hashed string looks like this::

        method$salt$hash

    This method can **not** generate unsalted passwords but it is possible
    to set param method='plain' in order to enforce plaintext passwords.
    If a salt is used, hmac is used internally to salt the password.

    If PBKDF2 is wanted it can be enabled by setting the method to
    ``pbkdf2:method:iterations`` where iterations is optional::

        pbkdf2:sha256:80000$salt$hash
        pbkdf2:sha256$salt$hash

    :param password: the password to hash.
    :param method: the hash method to use (one that hashlib supports). Can
                   optionally be in the format ``pbkdf2:<method>[:iterations]``
                   to enable PBKDF2.
    :param salt_length: the length of the salt in letters.
    """
    salt = gen_salt(salt_length) if method != "plain" else ""
    h, actual_method = _hash_internal(method, salt, password)
    return "%s$%s$%s" % (actual_method, salt, h)

如果我们使用您的_hash_internal方法调用sha1，并提供了salt /密码，则会得到不同的哈希值

In [83]: import werkzeug.security                                                                                                                                                     

In [84]: h, method = werkzeug.security._hash_internal('sha1', 'e40e1e9addc186828a5554a71527342c', '123456')                                                                           

In [86]: h == '784517f57fbe61179960739e29d7ae925aa4fd5b'                                                                                                                              
Out[86]: False

In [85]: h                                                                                                                                                                            
Out[85]: 'e8c2de9bdc1ab92479e3e55b608a040dad7bf656'

我认为您需要重新访问PHP代码以查看如何生成这些值。

编辑：根据您的评论

In [138]: werkzeug.security._hash_internal('sha1', '', 'e40e1e9addc186828a5554a71527342c123456')                                                                                      
Out[138]: ('784517f57fbe61179960739e29d7ae925aa4fd5b', 'sha1')

如果您想使用check_password_hash，则不必在哈希表上设置盐，而是将其添加到密码之前：

In [148]: werkzeug.check_password_hash('sha1$$784517f57fbe61179960739e29d7ae925aa4fd5b', 'e40e1e9addc186828a5554a71527342c123456')                                                    
Out[148]: True

如果我们查看源代码，可以看到check_password_hash从method中提取了salt，hashval和pwhash，然后验证了哈希password与hashval相匹配。我不熟悉PHP中的哈希，但是似乎密码被“撒了盐”，然后不加盐地哈希了（就werkzeug.security而言）。

def check_password_hash(pwhash, password):
    """check a password against a given salted and hashed password value.
    In order to support unsalted legacy passwords this method supports
    plain text passwords, md5 and sha1 hashes (both salted and unsalted).

    Returns `True` if the password matched, `False` otherwise.

    :param pwhash: a hashed string like returned by
                   :func:`generate_password_hash`.
    :param password: the plaintext password to compare against the hash.
    """
    if pwhash.count("$") < 2:
        return False
    method, salt, hashval = pwhash.split("$", 2)
    return safe_str_cmp(_hash_internal(method, salt, password)[0], hashval)