For example, if I take “Hello World” and go paste it into some online hashing website, or by using this python code:
from hashlib import sha256
print(sha256('Hello World'.encode()).hexdigest())
it would return "a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e" which represent its hash value.
But what i'm looking for is some document or whatever that allows me to go manually from that text to hash
Related
Seems simple enough, and there are plenty of examples but I just can't seem to get hashes that verify with werkzeug.security's check_password_hash in python.
private string Generate_Passwd_Hash()
{
string _password = "Password";
string _salt = "cXoZSGKkuGWIbVdr";
SHA256 MyHash = SHA256.Create();
byte[] hashable = System.Text.Encoding.UTF8.GetBytes(_salt + _password);
byte[] resulthash = MyHash.ComputeHash(hashable);
return "sha256$" + _salt + "$" + BitConverter.ToString(resulthash).Replace("-", "").ToLower();
}
this should generate;
sha256$cXoZSGKkuGWIbVdr$7f5d63e849f0a2c0c5c2bd6ae4e45ead2ac730c853a1ed3460e227c06c567f49
but doesn't.
EDIT
Reading through the python code for generate_password_hash and it has a default number of iterations of 260000. Which is probably what I'm missing.
I never used werkzeug but I tried to reproduce your probelem.
I had read the docs of werkzeug.security.generate_password_hash and realized it is used in password validation only, and not meant to be a universal hashing algorithm.
The document clearly says
Hash a password with the given method and salt with a string of the
given length. The format of the string returned includes the method
that was used so that check_password_hash() can check the hash.
hashlib.pbkdf2_hmac is the hashing algorithm werkzeug uses internally(from now on we call it underlying algorithm). and you don't need install it because it is in standard library.
The source code of check_password_hash shows it generates a random salt before calling underlying algorithm. The salt is to protect from attacks. And it is remembered by the werkzeug framework so that check_password_hash can use to validate later.
So to summarize:
werkzeug.security.generate_password_hash only guarantee that generated hash can be validated by check_password_hash, and no more. You simply cannot(or not supposed to) try to generate same hash by other libraries or languages.
If you really want to compare the hashing algorithm in python and C#, please post another question(or update this question) that compares underlying algorithm(hashlib.pbkdf2_hmac which allow specifying salt as parameter) with C# version. Note seems in C# there's no built in algorithm for pbkdf2, see Hash Password in C#? Bcrypt/PBKDF2.
I want to add file identifiers to a script I am creating that are short and unique. The identifier needs to be related to the input arguments given to the script from the CLI, so that the same identifier gets generated from the same arguments always.
I thought of hashing them with an MD5 hash that gets as input all the arguments provided by the user in the CLI:
import sys
import hashlib
file_id = hashlib.md5(str(sys.argv).encode("utf-8"))
print(file_id)
This only gives me an object description & memory location:
<md5 HASH object # 0x0000324294...>
If I could get the actual hash I could extract the first 20 characters or so and it would be good enough for my use case.
You can use the hexdigest method like so:
import sys
import hashlib
my_hash = hashlib.md5()
my_hash.update(str(sys.argv).encode("utf-8"))
print(my_hash.hexdigest())
The goal
Take the data in mssql, an image, convert to base64 and embed in an email.
Deets
I have an image, stored in a varbinary column in a mssql database.
0xFFD8FFE00....
On the other end, I'm querying it out into an ancient Jython environment because that's all I have access to.
When I query and print, I appear to get a a signed array of bytes or a char (maybe?).
>>> array('b', [-1, -40, -1, -32, 0, 16,...
Another thread had suggested dumping it into the b64 encoder
import base64
encoded = base64.b64encode(queryResult)
Which gave me an error TypeError: b2a_base64(): 1st arg can't be coerced to String
The thread also mentioned converting it to json, but since I'm in Python 2.4 land, I don't have access to import json or import simplejson. Using a json interpreter here seems like a major kludge to me.
I've also tried to convert it on the SQL end with decompress and casting to xml, neither of those work at all. The images work fine when passed as an email attachment, so they aren't corrupted as far as I can tell. To embed them in an html template, I need to get that Base64 string out.
I am missing something, I don't work with this stuff often enough to figure it out. I am aware of signed/unsigned, endian-ness at a high level but I can't quite crack this nut.
Converting Column values from VARBINARY to Base64
In most cases we will need to work on multiple rows in table, and we want to convert only the VARBINARY data into BASE64 String. The basic solution is the same as above, except for the solution using XML XQuery, which we will simply need to use different method.
Option 1: Convert binary to Base64 using JSON
select Id,AvatarBinary
from openjson(
(
select Id,AvatarBinary
from AriTestTbl
for json auto
)
) with(Id int, AvatarBinary varchar(max))
GO
Option 2: Convert binary to Base64 using XML XQuery
select Id,
cast('' as xml).value(
'xs:base64Binary(sql:column("AriTestTbl.AvatarBinary"))', 'varchar(max)'
)
from AriTestTbl
GO
Option 3: Convert binary to Base64 using XML and the hint "for xml path"
select Id,AvatarBinary,s
from AriTestTbl
cross apply (select AvatarBinary as '*' for xml path('')) T (s)
GO
Hope this helps...
I used SQL to convert a social security number to MD5 hash. I am wondering if there is a module or function in python/pandas that can do the same thing.
My sql script is:
CREATE OR REPLACE FUNCTION MD5HASH(STR IN VARCHAR2) RETURN VARCHAR2 IS
V_CHECKSUM VARCHAR2(32);
BEGIN
V_CHECKSUM := LOWER(RAWTOHEX(UTL_RAW.CAST_TO_RAW(SYS.DBMS_OBFUSCATION_TOOLKIT.MD5(INPUT_ST RING => STR))));
RETURN V_CHECKSUM;
EXCEPTION
WHEN NO_DATA_FOUND THEN
NULL;
WHEN OTHERS THEN
RAISE;
END MD5HASH;
SELECT HRPRO.MD5HASH('555555555') FROM DUAL
thanks.
I apologize, now that I read back over my initial question it is quite confusing.
I have a data frame that contains the following headings:
df[['ssno','regions','occ_ser','ethnicity','veteran','age','age_category']][:10]
Where ssno is personal information that I would like to convert to an md5 hash number and then create a new column into the dataframe.
thanks... sorry for the confusion.
Right now I have to send my file to Oracle and then convert the ssn to hash and then export back out so that I can continue working with it in Pandas. I want to eliminate this step.
Using the standard hashlib module:
import hashlib
hash = hashlib.md5()
hash.update('555555555')
print hash.hexdigest()
output
3665a76e271ada5a75368b99f774e404
As mentioned in timkofu's comment, you can also do this more simply, using
print hashlib.md5('555555555').hexdigest()
The .update() method is useful when you want to generate a checksum in stages. Please see the hashlib documentation (or the Python 3 version) for further details.
hashlib with md5 might be of your interest.
import hashlib
hashlib.md5("Nobody inspects the spammish repetition").hexdigest()
output:
bb649c83dd1ea5c9d9dec9a18df0ffe9
Constructors for hash algorithms that are always present in this module are md5(), sha1(), sha224(), sha256(), sha384(), and sha512().
If you want more condensed result, then you may try sha series
output for sha224:
'a4337bc45a8fc544c03f52dc550cd6e1e87021bc896588bd79e901e2'
For more details : hashlib
I want to allow users to validate their email address by clicking on a link. The link would look something like
http://www.example.com/verifyemail?id=some-random-string
When I am sending this email, I want to be able to easily generate this 'some-random-string' from row id of user, an integer. and when user clicks on this link, generate that integer back.
Only requirement is this 'some-random-string' should be as opaque and non-guessable to the user as possible.
Finally, this is what I settled on
def p3_encrypt_safe(plain, key):
return base64.urlsafe_b64encode(p3_encrypt(plain, key))
used the nice crypto library from http://www.nightsong.com/phr/crypto/p3.py
addition of base64 safe encoding is mine.
Use encryption, that's exactly what it's designed for. Blowfish, AES, even DES3 if you don't need particularly high security.
Alternatively, you could compute an SHA-256 or SHA-512 (or whatever) hash of the email address and store it in a database along with the email address itself. That way you can just look up the email address using the hash as a key.
Your best choice is to generate a hash (one-way function) of some of the user's data. For example, to generate a hash of user's row id, you could use something like:
>>> import hashlib
>>> hashlib.sha1('3').hexdigest()
'77de68daecd823babbb58edb1c8e14d7106e83bb'
However, basing your pseudorandom string only on a row id is not very secure, as the user could easily reverse the hash (try googling 77de68daecd823babbb58edb1c8e14d7106e83bb) of such a short string.
A simple solution here is to "salt" the hashed string, i.e. add the same secret string to every value that is hashed. For example:
>>> hashlib.sha1('3' + 'email#of.user' + 'somestringconstant').hexdigest()
'b3ca694a9987f39783a324f00cfe8279601decd3'
If you google b3ca694a9987f39783a324f00cfe8279601decd3, probably the only result will be a link to this answer :-), which is not a proof, but a good hint that this hash is quite unique.