2

I am trying to retrieve the password and authenticate from the Galaxy framework. I successfully retrieve the password it's in hashed(sha1) format. How do I authenticate this with the password input by the user? My first guess would be converting hashed(sha1) into normal string and authenticating. Is that possible? If it is, how can I convert it into the string?

Improve this question
2
  • 4
    I think you should do the opposite, the point of the hash is that you can not get the plain plassword text from it. Calculate the hash from the password and compare the two hashes. Commented Jan 7, 2013 at 15:55
  • Alright. That can be done. Is there any inbuild function in Python to convert normal text into hashed(sha1) format? Thanks Commented Jan 7, 2013 at 15:57

2 Answers 2

Reset to default
3

You can't. It would be extremely hard to get the plain text from its hash code, that's exactly the reason why we had invented hash. Try the opposite: convert the plain text to hash and then compare.

How to convert:

import hashlib
s = "plain"
h = hashlib.sha1(s).hexdigest()
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

... My first guess would be converting hashed(sha1) into normal string ...

That's what cryptographic hash functions try to prevent (among other things) - this property is called pre-image resistance.

The basic steps would be the other way around:

  • take user input
  • compute hash over user input
  • compare hashed user input to stored credentials/hashes
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.