+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: General Coding Help (https://python-forum.io/forum-8.html)
+--- Thread: length constraint on phrase hash to password (/thread-20609.html)
length constraint on phrase hash to password - javaben - Aug-21-2019
Background
I have a general question regarding creating hashes from a passphrase, where the hash output will have to be constrained to a certain number of characters, using the sha256 hash. Note: my environment is currently limiting me to the hash methods available in hashlib for Python 3.5
I want to create login passwords for my use as a login password. It occurred to me I could use the hash function to do this. Note that I am not trying to hash passwords and store securely on a web site; instead, I'm hashing a phrase well known to me, to be the password that I create to log into the site. This allows me to have a general phrase which I can modify for an explicit site, so I don't have to memorize or write down a bunch of passwords.
So, given the phrase "This is a hashable phrase which will become a hash using sha256.". The 'digest' from this, per sha256 will return 32 bytes, which frequently will exceed the length of common web sites; I most frequently run into length constraints of 10 - 15 characters.
My question:
if I return the hashed digest, and strip off the remaining characters so that it limits the returned hash value (e.g., hashValue[:length], is that a big deal? I realize it's removing some of the security, but the web site login is already limiting the length.
It seems to me that this should be acceptable, but I'm not very deep into security.
Thanks!
javaben