Why can bcrypt.hashpw be used both for hashing and verifying passwords?

python hash salt bcrypt
10,473

Solution 1

In the expression bcrypt.hashpw(password, hashed) only the first couple of characters of hashed are used for the salt, not the entire string.

For instance, in this example how the output of hashpw() begins with the salt:

salt1 = b"$2a$12$w40nlebw3XyoZ5Cqke14M."

print "salt1:", salt1
print "hash1:", bcrypt.hashpw(password, salt1)

prints:

salt1: $2a$12$w40nlebw3XyoZ5Cqke14M.
hash1: $2a$12$w40nlebw3XyoZ5Cqke14M.d.7cdO2wJhr/K6ZSDjODIxLrPmYzY/a

so there is a convention where the salt only goes up the first period or the first 29 characters.

Solution 2

The hashpw function returns the salted hash (iterated many times, following bcyrpt spec), preceeded by the salt used (and with a dot as seperator).

In : salt = bcrypt.gensalt()
In : all(salt == bcrypt.hashpw(pw,salt)[:len(salt)] for pw in ('','12345','asdfgh'))
Out: True

If the second argument to bcrypt.hashpw is recognized as of the form VALID_SALT.VALID_HASH, then the salt is automagically set to VALID_SALT, thus producing the same salt-hash-pair as the original password on identical pw input.

Share:
10,473
Juan Carlos Coto
Author by

Juan Carlos Coto

Updated on July 18, 2022

Comments

  • Juan Carlos Coto
    Juan Carlos Coto almost 2 years

    Using bcrypt with Python 2.7, I can see that the example uses the bcrypt.hashpw to both hash a password for storage and verify that the given password matches a hashed one, like so:

    Hashing

    import bcrypt
password = b"somepassword"
hashed = bcrypt.hashpw(password, bcrypt.gensalt())

    Ok, so far so good. The given password is now hashed using bcrypt, so it is a string of hashed bytes.


    Verifying

    Now, here's the part that confuses me: to check that a plaintext password matches a hashed password, the same function is used, using the hashed password as a salt:

    if bcrypt.hashpw(password, hashed) == hashed:
    print("It Matches!")
else:
    print("It Does not Match :(")


    What's happening?

    Shouldn't the results of both bcrypt.hashpw calls be different, since the input salts are different?

    The only reasonable answer I can think of is that the salt is truncated to a fixed length before being prepended to the hashed password. That way, when using the result of the hash, only the generated salt is left (after stripping off the trailing hashed password), and the result of hashing the password with the truncated salt is the same as the original. I don't have any evidence to support this, though.

    Why does this work?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

bcrypt in python
What are Salt Rounds and how are Salts stored in Bcrypt?
Salt and hash a password in Python
Understanding and cracking salted sha512 hashes
Why do I get this error while trying to modify a dictionary: "TypeError: unhashable type: 'slice'
Storing passwords with sha1 and salt
ImportError: No module named bcrypt
The most effective way to assign unique integer id to a string?
Pandas - Generate Unique ID based on row values
Which bcrypt cost to use for 2018?