Python Forum

Full Version: how can I generate a password in hashlib
Hi,
I have a CSV file; it contains names and passwords. I am going to read it out and write the passwords to a CSV file.

import csv
import itertools
from collections import OrderedDict
import hashlib

with open ('code.csv', 'r') as input_file_name:
    reader=csv.reader(input_file_name)
    key=[]
    val1=[]
    for row in reader:
        name = row[0]
        val=[str(num) for num in row[1:]]
        key.append(name)
        val1.append(val)
        value = list(itertools.chain.from_iterable(val1)) #making a simple list from list of list in value
        value=[str(i) for i in value]
    print(key)
    dictionary = dict(zip(key, value))
print(dictionary)
My problem is: how can I generate the password from the value in the dictionary?
In other words, get to the password. I know the password can vary between 1000 and 9999.

Sample input CSV file:
Quote:
peter,99b057c8e3461b97f8d6c461338cf664bc84706b9cc2812daaebf210ea1b9974
adam,85432a9890aa5071733459b423ab2aff9f085f56ddfdb26c8fae0c2a04dce84c
And the correct output:
Quote:
peter,5104
adam,9770
Do you know what algorithm (hash function) is used? Do you know the difference between hashing and encryption?
A hash is a one-way transformation, so you need to calculate the hash (using the correct hash function) for all possible passwords (1000-9999) (that's called a rainbow table) and compare the hash from the file with the ones calculated in the rainbow table.
It's 'sha256'.
As I found out from the web, I should encode the value in the dictionary.
I have tried
hashlib.sha256("a".encode('utf-8')).hexdigest()
and I get
Quote:<sha256 HASH object @ 0x00000246AA5E1DC8>
From this point I cannot go further. I don't know what to do.

As far as I know from the question, I should use a loop from 1000 to 9999 and decode the value of the dictionary.

They used this process to generate that hash, and now I should do it in reverse.

#for  peter,5104
import hashlib

def encrypt_string(hash_string):
    sha_signature = \
        hashlib.sha256(hash_string.encode()).hexdigest()
    return sha_signature
hash_string = '5104'
sha_signature = encrypt_string(hash_string)
print(sha_signature)
The output is:
Quote:99b057c8e3461b97f8d6c461338cf664bc84706b9cc2812daaebf210ea1b9974
Again - you cannot reverse the hash; it's one-way by nature (vs. encryption, which is two-way - encrypt and decrypt).
So you need to calculate sha256 for every possible password and store these calculated hashes in a dict (the hash would be the key, the password from which it is calculated is the value). Then iterate over the file and look for the key:value from the dict you created where the key matches the value from the file.
So I should make a hash in a for loop from 1000 to 9999 and check them against the values that I have gathered from the CSV file?
(May-07-2019, 11:56 AM)go127a Wrote: So I should make a hash in a for loop from 1000 to 9999 and check them with the values, that I have gathered from the csv file?
Yes. By the way, are you sure a code/password like 0001 is not allowed?
Make sure to calculate all hash values just once and store the calculated values. Don't calculate them all for each line in the file.
I am going to try this code. Is it okay?

I think that I can make a dictionary from the hashes and finally check the dicthashvalue against the first dictionary and print out the related keys.

import hashlib
keyhash=[]
valhash=[]
for i in range (1000,9999):
    keyhash.append(i)
    itemstr=str(i)
    val1=hashlib.sha256(itemstr.encode()).hexdigest()
    valhash.append(val1)
    dichashlib=dict(zip(keyhash, valhash))
Why do you need to complicate things that much? And you want the hash to be the key, not the other way around.

import hashlib

rainbow_dict = {}
for i in range(1000, 10000): # note you need upper end to be 10000 in order to include 9999
    my_hash = hashlib.sha256(str(i).encode()).hexdigest()
    rainbow_dict[my_hash] = i

# or replace lines 3-7 with a single line    
#rainbow_dict = {hashlib.sha256(str(i).encode()).hexdigest():i for i in range(1000, 10000)}
 
# sample with 3 random hashes 
passwords = ['c56b05eb525718f02df539e071361dd58b168a5a70abdb3148d44f98c46c38cd',
             'f476ef220e571593579ae60582fe52a888309b21d4a01cf1cd56a14084d9db27',
             '1828526428f17576e6581a0b9c893ecf79c1fdc20f495f0bdc98b559b25b92a6']
          
for password_hash in passwords:
    print(f'{password_hash} --> {rainbow_dict[password_hash]}')
    
print(hashlib.sha256('2523'.encode()).hexdigest() == passwords[0])
Thanks,
now I have one dictionary from the CSV file:
Quote:dict_csv={'danial': '99b057c8e3461b97f8d6c461338cf664bc84706b9cc2812daaebf210ea1b9974', 'peter': '85432a9890aa5071733459b423ab2aff9f085f56ddfdb26c8fae0c2a04dce84c'}

Is it correct to catch the name and the password like this:

listval=[]
for item in dict_csv.values():
    listval.append(item)
list1=[k for k,v in dict_csv.items() if v in listval]
#print(list1)
list2=[v for k,v in rainbow_dict.items() if k in listval]
#print(list2)
list3 = [ item for pair in zip(list1, list2 + [0]) for item in pair]
print(list3)
So I can get the list below:
Quote:['danial', 5104, 'peter', 9770]


And after that, rewrite the data in my CSV file as the final result. I don't know how!? If you can, please help me with it...
Quote:
danial,5104
peter,9770
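One way to do the lookup and write the result, as an added example that is not part of the original post: each row is resolved with a direct dict lookup so the name and password stay paired regardless of order, and a hash outside the table (such as a password like 0042) yields an empty field. The sample names, passwords and function names are constructed for this example.

```python
import csv
import hashlib
import io


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def build_lookup(start=1000, stop=10000):
    """Map sha256 hex digest -> candidate string, computed once for all rows."""
    return {sha256_hex(str(n)): str(n) for n in range(start, stop)}


def recover_rows(reader, lookup):
    """Yield (name, password) per CSV row; password is '' when not in the table."""
    for row in reader:
        if len(row) < 2:
            continue  # skip blank or malformed lines
        name, digest = row[0].strip(), row[1].strip().lower()
        yield name, lookup.get(digest, "")


def convert(in_file, out_file, lookup):
    """Read name,hash rows from in_file and write name,password rows to out_file."""
    results = list(recover_rows(csv.reader(in_file), lookup))
    csv.writer(out_file, lineterminator="\n").writerows(results)
    return results


# Constructed sample input; the hashes are computed here, not taken from the thread.
SAMPLE = "".join(
    f"{name},{sha256_hex(pin)}\n"
    for name, pin in [("alice", "9770"), ("bob", "5104"), ("carol", "0042")]
)


def demo():
    out = io.StringIO()
    convert(io.StringIO(SAMPLE), out, build_lookup())
    return out.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

With real files, pass `open('code.csv', newline='')` and `open('out.csv', 'w', newline='')` to `convert` in place of the `StringIO` objects.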
rainbow_dict :-D

The usual way of storing a password is the following:
  1. The password is submitted as clear text to the server (SSL should be used, if it's on the web)
  2. The server receives the password in clear text
  3. The server creates a new string, based on the clear text password and a randomly generated *salt
  4. The new string is hashed with a good algorithm. sha256 is ok. MD5 is not ok.
  5. The hash is stored in the database or somewhere else. The clear text password is thrown away.

The usual way of checking a password is the following:
  1. The client submits the clear text password to the server (don't forget transport encryption).
  2. The server generates the hash value in the same way as it was stored before. The hash value is based on the concatenated password and salt.
  3. The server knows the requested identity (username or e-mail) and loads the hash value from the database.
  4. The server compares the created hash value with the hash value from the database. (Timing attacks)
  5. If both strings are equal, the password was the right one.

The *salt is a randomly generated string of bytes. It's saved in the database or in configuration files.
This salt is used to generate hash values from submitted passwords.

If you don't use a salt, you can access these big databases: http://project-rainbowcrack.com/table.htm
Then you don't have to create your own rainbow table. They have already been public for a long time.

Allowing only passwords like 0 - 9999 is crazy (low entropy).
Saving them without a salt is like saving them as clear text.
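The storage and check steps listed above, as an added example that is not part of the original post: it assumes a per-user salt stored beside each digest and swaps the single sha256 call for `hashlib.pbkdf2_hmac` (iterated HMAC-SHA256), with `hmac.compare_digest` for the comparison in step 4. The user names, the `ITERATIONS` value and the function names are chosen for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; tune per hardware


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random 16-byte salt is drawn if none given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def unsalted_table(start=1000, stop=10000):
    """The thread's lookup table: plain sha256 of every 4-digit candidate."""
    return {hashlib.sha256(str(n).encode()).digest() for n in range(start, stop)}


def demo():
    # Constructed records: two users who happen to pick the same password.
    db = {user: hash_password("5104") for user in ("peter", "adam")}
    table = unsalted_table()
    return {
        "same_password_same_record": db["peter"][1] == db["adam"][1],
        "found_in_unsalted_table": any(d in table for _, d in db.values()),
        "correct_accepted": verify_password("5104", *db["peter"]),
        "wrong_rejected": not verify_password("9770", *db["peter"]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A salt makes the precomputed table useless, but with only 9000 possible passwords each record can still be searched individually; the iteration count only raises the cost per guess.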