Using hashlib for user password

seadoofanatic · (This post was last modified: Mar-02-2018, 06:14 PM by micseydel.)

So I have to hash a user entered password and then write the hashed password to a file. The code I have puts the clear text password into the file not the hash.
This is my code for my function

import hashlib

def writeHashedPswd(password):
    
    
   # try:
        myhash = hashlib.md5(password)
        myfile = open("password.txt", "w")
        myfile.write(password + '/n')
        password = myhash.hexdigest()
        myfile.close()
      
        myfile = open("password.txt", "a")
        myfile.write("an error occured.")
        myfile.close()

Code for program file

import a8

password = raw_input('Enter your password: ')
a8.writeHashedPswd(password)

What am I missing? Thanks!

**Gribouillis** · Mar-02-2018, 07:36 PM

At line 9 you are writing the password into the file.

seadoofanatic · Mar-04-2018, 03:54 PM

Do I need to remove line 9 then?

(Mar-02-2018, 07:36 PM)Gribouillis Wrote: At line 9 you are writing the password into the file.

wavic · (This post was last modified: Mar-04-2018, 04:39 PM by wavic.)

I don't know what is the purpose of this but hashing a password with md5 is dangerous. Use at least sha256. Which is not safe too. With a proper hardware is not so time-consuming to find the password.

Look at argon2id or argon2i with at least 3-5 passes.

Ah, Homework forum... Sorry!

DeaD_EyE · Mar-04-2018, 04:48 PM

Please use pbkdf2 from hashlib.
Use as 64bit salt and a sha512 as algorithm for example. Md5 is for security a nightmare. Plase tell this your teacher. Don not use md5 to hash passwords.

Using hashlib for user password

User Panel Messages

Announcements