How to Generate a Password Hash in Python

Hopefully, you’ll never see this after reading this article. 😉

Problem Formulation and Solution Overview

This article will show you how to generate password hashes in Python.

To make it more interesting, we have the following running scenario:

When new users join the Finxter Academy, they are asked for a password. How can we keep this data secure? To secure these passwords, we must convert all text-based passwords to indecipherable strings, also known as hashes.

Below are various ways to accomplish this task.


💬 Question: How would we write code to generate a password hash?

We can accomplish this task by one of the following options:


Method 1: Use encode(), digest() and hexdigest()

This example imports Python’s built-in hashlib library, and calls encode() and digest() to convert a password into an unrecognizable string.

import hashlib

pwd_orig = 'dDbxr9K9i%1&'.encode()
pwd_tmp = hashlib.sha256(pwd_orig)
pwd_hash = pwd_tmp.digest()
pwd_secure = pwd_tmp.hexdigest()
print(pwd_secure)

The above code imports the hashlib library, which provides a range of hash functions for converting raw messages into fixed-length digests.

Then, a password is declared, converted to a byte object using encode() and saved to pwd_orig. If output to the terminal, the contents would be as follows.

b'dDbxr9K9i%1&'

💡 Note: This variable could be modified to retrieve data from a form submission where users sign up/join.

Next, hashlib.sha256() is called and passed one (1) argument, pwd_orig. The results save to pwd_tmp as a hash object. If output to the terminal, the contents would be similar to below.

<sha256 _hashlib.HASH object @ 0x00000266C9183CB0>

Then, a binary hash is generated using digest() and saved to pwd_hash. If output to the terminal, the contents would be as follows.

b'#\xa7\xb5\x82?\xf6\xdc\xbcE<\x195\xf51\xf7\xe0Y\xfa\xf8o\x08B\xb4\x8b\xc0]\xd4\x97\x8fx\xd5\xd3'

To make it more readable, hexdigest() is applied to pwd_tmp and saved to pwd_secure. The final output is as follows.

23a7b5823ff6dcbc453c1935f531f7e059faf86f0842b48bc05dd4978f78d5d3

Method 2: Use encode(), gensalt() and hashpw()

This example imports the third-party bcrypt library, and calls encode(), gensalt() and hashpw() to convert a password into an unrecognizable string.

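import bcrypt

# Convert the password to bytes, as bcrypt requires
pwd_orig = 'dDbxr9K9i%1&'.encode()
# Generate a fresh random salt (the original passed an undefined name to hashpw())
salt = bcrypt.gensalt()
# Hash the password with that salt; the salt is embedded in the result
pwd_hash = bcrypt.hashpw(pwd_orig, salt)
print(pwd_hash)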

The above code imports the bcrypt library, which offers a modern password hashing option for software and servers.

Then, a password is declared, converted to a byte object using encode() and saved to pwd_orig. If output to the terminal, the contents would be as follows.

b'dDbxr9K9i%1&'

Next, bcrypt.gensalt() is called and the results save to salt. If output to the terminal, the contents would be as follows.

b'$2b$12$PX9hle0JZ/b9hIHkLrGhr.'

💡 Note: A salt is a fixed-length, cryptographically random value added to the input of a hash function so that each resulting hash is unique.

Finally, bcrypt.hashpw() is called and passed two (2) arguments: pwd_orig and salt. The results save to pwd_hash and output to the terminal.

b'$2b$12$2NBY9452IhDGRMI1Rnof1OHQrv3MuLo1aqtwOQWhZpbo7qVR6NeKq'

Method 3: Use encode(), digest(), md5() and hexdigest()

This example runs along the same lines as Method 1. However, we do something slightly different here (we use md5()) to convert a password into an unrecognizable string.

The md5() function creates an object that calculates the hash value of a specified string.

import hashlib
  
pwd_orig = 'dDbxr9K9i%1&' + 'FiNxt#r'
pwd_hash = hashlib.md5(pwd_orig.encode())
pwd_hash = pwd_hash.hexdigest()
print(pwd_hash)

The above code imports the hashlib library, which provides a range of hash functions for converting raw messages into fixed-length digests.

Then, a password is declared and an extra value is appended ('FiNxt#r'). The results save to pwd_orig. If output to the terminal, the contents would be as follows.

dDbxr9K9i%1&FiNxt#r

Next, hashlib.md5() is called and passed one (1) argument, pwd_orig.encode(). The results return an md5 object. If output to the terminal, the contents would be as follows.

<md5 _hashlib.HASH object @ 0x000001E88B8F3CB0>

Then, a hexadecimal hash is generated using hexdigest() and saved to pwd_hash. If output to the terminal, the contents would be as follows.

1eec076908598a2f62f6529fb22a8625

Bonus: One-Liner

This example uses a one-liner to accomplish the same tasks as above.

import hashlib as h;print(h.md5(b'hello world').hexdigest())

Output from the above is as follows.

f84412f77da4eadb04132dba1c5fe3c7

The above code takes the one-liner to a new level!


Summary

This article has provided four (4) ways to generate a password hash so you can select the best fit for your coding requirements.

Good Luck & Happy Coding!

