将密码保存到django的数据库表之前的最佳散列方法

时间:2012-01-15 09:00:03

标签: python database django hash passwords

def register(request):
    flag = True
    possible = '0123456789abcdefghijklmnopqrstuvwxyz'
    token = ''

    current_datetime = datetime.datetime.now()

    user = UsersModelForm()
    if request.method == 'POST':
        userf = UsersModelForm(request.POST)
        username = userf.data['username']
        password = userf.data['password']
        passwordrepeat = userf.data['passwordrepeat']
        email = userf.data['email']

        if password != passwordrepeat:
            flag = False
            passVariable = {'user':user, 'flag': False}
            return render_to_response('register.html', passVariable, context_instance=RequestContext(request))

        elif password == passwordrepeat:
            for i in range(1,10):
                temp = random.choice(possible)
                token = token + temp

            print token
            if userf.is_valid():
                check = userf.save(commit=False)
                check.email_token = token
                check.email_token_expiry = current_datetime + timedelta(1)
                check.save()
                return HttpResponseRedirect('/')
    else:
        return render_to_response('register.html', {"user": user, 'flag': True}, context_instance=RequestContext(request))

我需要在保存到数据库表之前对userf.data['password']userf.data['repeatpassword']应用散列方法。

哪种散列方法更适合使用python进行散列?

2 个答案:

答案 0 :(得分:6)

使用bcrypt

以下是README

的示例
import bcrypt

# Hash a password for the first time
hashed = bcrypt.hashpw(password, bcrypt.gensalt())

# gensalt's log_rounds parameter determines the complexity
# the work factor is 2**log_rounds, and the default is 12
hashed = bcrypt.hashpw(password, bcrypt.gensalt(10))

# Check that an unencrypted password matches one that has
# previously been hashed
if bcrypt.hashpw(plaintext, hashed) == hashed:
    print "It matches"
else:
    print "It does not match"

答案 1 :(得分:1)

您可以找到有关如何为django.contrib.auth here完成此操作的说明。有关详细信息,您还可以查看hashers module中的make_password功能。