I suppose the salt may be attached to the hashed password, so you may have to pull off the salt, use it to hash the password, then add it to the hash. The .check_password() method probably does that automatically. Maybe you can just use that method directly.
Anthony On Monday, December 19, 2011 10:45:17 AM UTC-5, greenguerilla wrote: > > Hi Anthony, > > I'm using this python module which claims to mimic the encyption used > in phpBB: > https://github.com/exavolt/python-phpass > It seems to be working fine so far. > > Here are some examples: > > In [11]: import phpass > > In [12]: from phpass import PasswordHash > > In [13]: p = PasswordHash() > > In [14]: password = 'mypassword' > > In [15]: hash1 = p.hash_password(password) > > In [16]: hash2 = p.hash_password(password) > > In [17]: hash3 = p.hash_password(password) > > In [18]: hash1 == hash2 > Out[18]: False > > In [19]: hash1 == hash3 > Out[19]: False > > In [20]: hash2 == hash3 > Out[20]: False > > In [22]: p.check_password(password, hash1) > Out[22]: True > > In [23]: p.check_password(password, hash2) > Out[23]: True > > In [24]: p.check_password(password, hash3) > Out[24]: True > > In [25]: wrongHash = p.hash_password('notmypassword') > > In [26]: p.check_password(password, wrongHash) > Out[26]: False > > > With regard to the issue of the hash being different every time, I > reckon it is because this algorithm uses a salt (http:// > en.wikipedia.org/wiki/Salt_%28cryptography%29). Apparently it is more > secure... > > Regards, > > John > > On Dec 16, 4:07 pm, Anthony <abas...@gmail.com> wrote: > > > Unfortunately this solution will not work for me as I get a different > > > hash every time I call the hash password function for the same > > > plaintext password. > > > > What hash function are you using. If you use the same key, it should > always > > return the same output for a given input. > >
