Encrypt a password in Python
To encrypt a password in Python, it is recommended to use a secure hashing algorithm instead of encryption.
Encryption is a two-way process, and passwords should be stored in a way that they cannot be easily reversed. Hashing is a one-way process, making it more suitable for password storage.
Here’s an example using the bcrypt library, which is a popular choice for secure password hashing in Python. You can install it using:
pip install bcrypt
Then, you can use it in your Python code like this:
import bcrypt

def hash_password(password):
    # Generate a random salt and hash the password with it.
    # The salt and cost factor are embedded in the returned hash.
    salt = bcrypt.gensalt()
    hashed_password = bcrypt.hashpw(password.encode('utf-8'), salt)
    return hashed_password

def check_password(input_password, hashed_password):
    # Check whether the input password matches the stored hash;
    # checkpw reads the salt back out of hashed_password itself.
    return bcrypt.checkpw(input_password.encode('utf-8'), hashed_password)

# Example usage:
user_password = "my_secure_password"
hashed_password = hash_password(user_password)

# Print the hashed password (store this in your database, not the password)
print("Hashed Password:", hashed_password)

# Check if a login password is correct
input_password = "my_secure_password"
if check_password(input_password, hashed_password):
    print("Password is correct!")
else:
    print("Password is incorrect.")
hash_password takes a password as input, generates a random salt, and hashes the password with that salt. check_password is used to check whether a given password matches a stored hashed password.
Remember to store only the hashed password in your database, not the actual user password.
When a user tries to log in, you hash the entered password using the same salt (bcrypt stores the salt inside the hash string, so checkpw extracts it for you) and compare the result to the stored hashed password.
Why use bcrypt?
bcrypt is a good choice because it incorporates a salt and is computationally expensive, making it resistant to brute force and rainbow table attacks.