我正在使用一些软件,将其内部用户数据库存储在 JSON 文件 (users.json) 中,其中每个用户都有一个名为
passwordpbkdf2:10000:f30dd5755d4d172d:e7b2fdda936b4ad5335c3b76c8f3568b0e3b14ce1d9b8ca1e32b7627545d0a3811aa3407a814731b1ee1c86e108c66c1616b1ea2570f7ecf8d04d4f465c33947
我想通过 python 以编程方式修改此
users.json如何生成新密码的
pbkdf2:xxxxxx那个
pbkdf2:10000:f30dd5755d4d172d:e7b2fdda936b4ad5335c3b76c8f3568b0e3b14ce1d9b8ca1e32b7627545d0a3811aa3407a814731b1ee1c86e108c66c1616b1ea2570f7ecf8d04d4f465c33947
遵循格式
pbkdf2:iterations:saltinhexstring:hash64bytesinhexstring
要生成新的
pbkdf2:xxx例如,
pbkdf2:10000:f30dd5755d4d172d:e7b2fdda936b4ad5335c3b76c8f3568b0e3b14ce1d9b8ca1e32b7627545d0a3811aa3407a814731b1ee1c86e108c66c1616b1ea2570f7ecf8d04d4f465c33947adminpbkdf2_hmac('sha1',...)您可以通过
adminf30dd5755d4d172d10000from hashlib import pbkdf2_hmac
iterations = 10000
salt = bytes.fromhex('f30dd5755d4d172d')
passwordtohash = 'admin'
hash = pbkdf2_hmac('sha1',bytes(passwordtohash,'utf-8'), salt, iterations, dklen=64)
print(f"pbkdf2:{iterations}:{salt.hex()}:{hash.hex()}")
# pbkdf2:10000:f30dd5755d4d172d:e7b2fdda936b4ad5335c3b76c8f3568b0e3b14ce1d9b8ca1e32b7627545d0a3811aa3407a814731b1ee1c86e108c66c1616b1ea2570f7ecf8d04d4f465c33947
或者一般来说,一个全新的密码(带有新的随机盐):
from hashlib import pbkdf2_hmac
import os
import random
import string
iterations = 10000
salt = os.urandom(8)
passwordtohash = ''.join(random.choice(string.ascii_uppercase) for _ in range(16))
hash = pbkdf2_hmac('sha1',bytes(passwordtohash,'utf-8'), salt, iterations, dklen=64)
print(f"New password: '{passwordtohash}'")
print(f"pbkdf2:{iterations}:{salt.hex()}:{hash.hex()}")
New password: 'LGVDFKSBEUISDGUM'
pbkdf2:10000:0ef9f6feb244efc1:2e61922d793aca79f5ad326033987d8714779795cc26e99fae2f44014afac4efdbe17e543379afd1d578a16ee3f4476dc4112cf047c908868ed0318cdf248d64