verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key

2025-10-31 10:26:08 +01:00 · 2017-09-05 21:22:16 -04:00
parent 53d327e435
commit 87c1a95ccc
4 changed files with 80 additions and 10 deletions
--- a/generate-password.py
+++ b/generate-password.py
@@ -2,7 +2,8 @@

 import getpass

-import bcrypt  # pip install bcrypt
+import scrypt  # pip install scrypt
+import binascii

 password1 = getpass.getpass()

@@ -11,9 +12,17 @@ print('Repeat the same password:')
 password2 = getpass.getpass()

 if password1 == password2:
-    salt = bcrypt.gensalt()
+    # salt is constant
+    salt = "dc73b57736511340f132e4b5521d178afa6311c45e0c25e6a9339038507852a6"

-    print('Generated hash:')
-    print(bcrypt.hashpw(password1, salt))
+    hashed = scrypt.hash(password=password1,
+                           salt=salt,
+                           N=16384,
+                           r=16,
+                           p=1,
+                           buflen=32)
+
+    print('Generated password hash:')
+    print(binascii.hexlify(hashed))
 else:
    print('Entered passwords are not identical!')