One of the less commonly used, yet more secure hash functions, is Bcrypt. Bcrypt hashes were designed to be slow when encrypting and decrypting hashes. This design was used to prevent hashes from being easily cracked if hashes got leaked to the public, for example from a database exposure.
For this script, we will be using the bcrypt module within Python. This can be installed by using either pip or easy_install, albeit you will want to ensure version 0.4 is installed and not version 1.1.1, as version 1.1.1 removes some functionality from the Bcrypt module.
Generating Bcrypt hashes within Python is similar to generating other hashes such as SHA and MD5, but also slightly different. Like the other hashes, we can either prompt the user for a password or hard-code it into the script. The hashing in Bcrypt is more complex due to the use of randomly generated salts, which get appended to the original hash. This increases the complexity of the hash and therefore increases the security of the password stored within the hash function.
This script also has a checking module at the end, which relates to a real-world example. It requests the user to re-enter the password they want to hash and ensures that it matches the original input. Password confirmation is a very common practice among many developers and in the modern age, nearly every registration form uses this:
import bcrypt
# Let's first enter a password
new = raw_input('Please enter a password: ')
# We'll encrypt the password with bcrypt with the default salt value of 12
hashed = bcrypt.hashpw(new, bcrypt.gensalt())
# We'll print the hash we just generated
print('The string about to be stored is: ' + hashed)
# Confirm we entered the correct password
plaintext = raw_input('Please re-enter the password to check: ')
# Check if both passwords match
if bcrypt.hashpw(plaintext, hashed) == hashed:
print 'It's a match!'
else:
print 'Please try again.'We start the script off by importing the required module. In this case, we only need the bcrypt module:
import bcrypt
We can then request the input from the user by using the standard raw_input method:
new = raw_input('Please enter a password: ')After we have the input, we can get down to the nitty gritty hashing methods. To begin with, we use the bcrypt.hashpw function to hash the input. We then give it the value of the inputted password and then also randomly generate a salt, using bcrypt.gensalt(). This can be achieved by using:
hashed = bcrypt.hashpw(new, bcrypt.gensalt())
We then print the hashed value out to the user, so they can see the hash that has been generated:
print ('The string about to be stored is: ' + hashed)Now, we start the password confirmation. We have to prompt the user for the password again so that we can confirm that they entered it correctly:
plaintext = raw_input('Please re-enter the password to check: ')Once we have the password, we check whether both passwords match by using the == feature within Python:
If bcrypt.hashpw(plaintext, hashed) == hashed: print "It's a match" else: print "Please try again".
We can see the script in action as follows:
Please enter a password: example The string about to be stored is: $2a$12$Ie6u.GUpeO2WVjchYg7Pk.741gWjbCdsDlINovU5yubUeqLIS1k8e Please re-enter the password to check: example It's a match! Please enter a password: example The string about to be stored is: $2a$12$uDtDrVCv2vqBw6UjEAYE8uPbfuGsxdYghrJ/YfkZuA7vaMvGIlDGe Please re-enter the password to check: incorrect Please try again.