+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: General Coding Help (https://python-forum.io/forum-8.html)
+--- Thread: How to compare in python an input value with an hashed value in mysql table? (/thread-23718.html)
How to compare in python an input value with an hashed value in mysql table? - Formationgrowthhacking - Jan-14-2020
I have a wordpress 5.3 websites which sell a software with license key.
The license key is encrypted and stored in Mysql table. there are 2 columns "license" and "hash":
license_key
def50200352f5dc4bd8181a9daebbf4f9177fe725111a5a479d64636d01c2a10074e0c645abe898dea18210af563a5334288420551ab61c18ca4506cd03aa5d2bdd40933ddf7ca4d4b61b1c0f58a3830cbe0891cf4ff526311d5d637a55a574eca2c3a1b487b56
hash 9498cbf8bf00d6c55e31f98ba6d8294afa3127a84f31aa622c4158ac7377c6dd
My python program get an input for user (the license key in string without any encrypton) and need to compare it with the official license key stored in Mysql database of our Wordpress website.
I read a lot of hashlib python, functions and methods. But I didn't find anywhere how could I "hash" the string input typed by user with some hash values from the table, in order to compare both values (the input license and the license stored in mysql table).
This topic To SHA512-hash a password in MySQL database by Python gave me a lot of information but didn't fix my issue.
Anyone has any odea how to proceed?
Thanks
RE: How to compare in python an input value with an hashed value in mysql table? - buran - Jan-14-2020
what hash function is used?
Although in the first place reasonable question is why store hash of the license key, not the license key itself?
RE: How to compare in python an input value with an hashed value in mysql table? - Formationgrowthhacking - Jan-14-2020
Thanks for trying to help me.
The license key is generated by the plugin "License manager for woocommerce":
https://wordpress.org/support/plugin/license-manager-for-woocommerce/
It looks like this in mysql table:
http://prntscr.com/qnejaj
I have no idea which hash function they use. I asked them on their support page.
I will have the same question for Wordpress user password. My python program will ask for login/password before to run the python code. I want to make this authentification process based on user's credentials stored in Wordpress database.
RE: How to compare in python an input value with an hashed value in mysql table? - buran - Jan-14-2020
If you have the license key in the DB why would you need to compare the hash, not the key itself?
Are you sure it's a hash of the key? It doesn't make sense to keep both the license key and it's hash in the DB.
Also hash may be hash of concatenation of several fields -e.g. license key + activation date + expiration date (just an example), so without knowing the hash function and what is hashed exactly it's difficult to calculate the hash
As to the passwords - it's not that simple question at all if it has to be done right
Maybe read https://crackstation.net/hashing-security.htm from gentle introduction
for example:
from hashlib import md5, sha256, sha512
key = 'def50200352f5dc4bd8181a9daebbf4f9177fe725111a5a479d64636d01c2a10074e0c645abe898dea18210af563a5334288420551ab61c18ca4506cd03aa5d2bdd40933ddf7ca4d4b61b1c0f58a3830cbe0891cf4ff526311d5d637a55a574eca2c3a1b487b56'
for hash_func in (md5, sha256, sha512):
print(hash_func(key.encode()).hexdigest())Output:e39f98acdcd52c6a5804d4f58f6a5219
d44607349c1d7d99d827cb58930883f800c54b0aa3b631179cb455ef05df808e
eed729e73dbcfc8ca05547a3e0c557b54d4051b823cb84a4a904505d6b57bbe5a3eae47f030f5b71342870d81ba1a5a18dd525b4b3a341d8bb7b38a1ce264768Looking at the source code - there is file
license-manager-for-woocommerce.zip\license-manager-for-woocommerce\includes\Crypto.php
they use sha256, but if I get it right they apply it on some encrypted string.
Encryption is done using https://github.com/defuse/php-encryption which is in
license-manager-for-woocommerce.zip\license-manager-for-woocommerce\vendor\defuse\php-encryption\docs
There is extensive documentation for that library.
Given the above I don't want to dive further into this plugin. There is API for the plugin, whay don't you use it for your needs (e.g. validate a key)?
RE: How to compare in python an input value with an hashed value in mysql table? - Formationgrowthhacking - Jan-14-2020
Thank you so much for your help.
You gave me enough info for further investigation.
I may come back with an update. I will try to fix this issue myself without bothering you again.
Litle details,
the license key is goldQ3T8-1QRD-5QBI-9F22
and it is stored in database already encrypted.
License key is not saved in database with clear text. It is already encrypted. I am not sure what is this hash column for?
License key =>
def50200962018b6bbed50fc53abca6bb076eb2947fc379e69bd38dcea9f8fbe29eedd43f1148e721d5f6657d8d0152356f5a7ba566dde545a9a354c7b42af88fe4ea7775a4e2ee1a26d8b8f7e3272cf5a8bbe38197fdf19e1726d5e2d769bae408cd511706388abad5a75
hash =>
25138e045e9f50022331340a26d0eecbd0d7ca6bfefee0275749025c4f56c3a8
see screenshot:
http://prntscr.com/qnhz8h
I thought the "hash" column was the key to encrypt or decrypt the license stored in column "license_key".
So I run your code for testing with appropriate licese key:
from hashlib import md5, sha256, sha512
key = 'goldQ3T8-1QRD-5QBI-9F22'
for hash_func in (md5, sha256, sha512):
print(hash_func(key.encode()).hexdigest())and it give this outpu:Output:ecc58b55c33fe6dfe3b49d6d63aad65b
f67e701240fbd964aa9a0eb81e2f549b8e3dd97e1aa3b1f5796fd12cd9b14005
8288f635fbab6d6511fc5aa63caf153fa434b3d351612cdf48dcf6abea4275cde5f0d6fffda2e7c6fd42350483603cf6959dd62c946eea2b75eca9f60a5cf5b7
Process finished with exit code 0=======================================
Regarding wordpress login, I didn't find any python library which can handle this authentification process.