Why is bcrypt.hashpw used for both hashing and password checking?

Using bcrypt with Python 2.7, I see that the example uses bcrypt.hashpw both to hash a password for storage and to verify that a password matches the hash, for example:

Hashing

import bcrypt
password = b"somepassword"
hashed = bcrypt.hashpw(password, bcrypt.gensalt())

Ok, so far so good. This password is now hashed using bcrypt, so this is a string of hashed bytes.


Check

Now here is the part that bothers me: to verify that the plaintext password matches the hashed password, the same function is used, using the hashed password as the salt:

if bcrypt.hashpw(password, hashed) == hashed:
    print("It Matches!")
else:
    print("It Does not Match :(")


What's happening?

Should the results of both calls to bcrypt.hashpw be different, since the input salts are different?

, , , , . , ( ), . , .

?

+4
2

bcrypt.hashpw(password, hashed) hashed, .

, , hashpw() :

salt1 = b"$2a$12$w40nlebw3XyoZ5Cqke14M."

print "salt1:", salt1
print "hash1:", bcrypt.hashpw(password, salt1)

:

salt1: $2a$12$w40nlebw3XyoZ5Cqke14M.
hash1: $2a$12$w40nlebw3XyoZ5Cqke14M.d.7cdO2wJhr/K6ZSDjODIxLrPmYzY/a

, 29 .

+7

hashpw ( , bcrypt spec), ( ).

In : salt = bcrypt.gensalt()
In : all(salt == bcrypt.hashpw(pw,salt)[:len(salt)] for pw in ('','12345','asdfgh'))
Out: True

bcrypt.hashpw VALID_SALT.VALID_HASH, VALID_SALT, , --, pw .

+4
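The salt and hash strings printed in the answers above, taken apart in an added example (not code from the original posts or from the bcrypt project). `parse_bcrypt`, `stand_in_hashpw` and `verify` are hypothetical names; `stand_in_hashpw` is PBKDF2 arranged in bcrypt's string layout, an assumption made so the block runs without the library, and it only mimics how `hashpw` reads its parameters from the second argument.

```python
import base64
import hashlib
import hmac
import re

# $<version>$<cost>$ + 22-char salt, optionally followed by a 31-char digest.
_MCF = re.compile(rb"^\$(2[abxy]?)\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})?$")

def parse_bcrypt(value):
    """Split a bcrypt salt or hash (bytes) into version, cost, salt, digest."""
    m = _MCF.match(value)
    if m is None:
        raise ValueError("not a bcrypt salt or hash string")
    return {
        "version": m.group(1),
        "cost": int(m.group(2)),
        "salt": m.group(3),
        "digest": m.group(4),            # None when only a salt was given
        "setting": value[:m.end(3)],     # the part hashpw actually reads
    }

def stand_in_hashpw(password, salt_or_hash):
    """Assumption: PBKDF2 in bcrypt's string layout, NOT bcrypt itself.
    Not for storing passwords; it shows the parameter handling only."""
    p = parse_bcrypt(salt_or_hash)
    raw = hashlib.pbkdf2_hmac("sha256", password, p["salt"], 2 ** p["cost"], 23)
    digest = base64.b64encode(raw, altchars=b"./").rstrip(b"=")
    return p["setting"] + digest

def verify(password, stored, hashpw=stand_in_hashpw):
    """Re-hash with the setting embedded in `stored`; compare in constant time."""
    return hmac.compare_digest(hashpw(password, stored), stored)

# Values printed in the answer above.
SALT1 = b"$2a$12$w40nlebw3XyoZ5Cqke14M."
HASH1 = b"$2a$12$w40nlebw3XyoZ5Cqke14M.d.7cdO2wJhr/K6ZSDjODIxLrPmYzY/a"

if __name__ == "__main__":
    fields = parse_bcrypt(HASH1)
    print(fields["cost"], len(fields["setting"]), fields["setting"] == SALT1)
    stored = stand_in_hashpw(b"somepassword", SALT1)   # constructed sample
    print(verify(b"somepassword", stored), verify(b"wrong", stored))
```

With the real library installed, `verify(password, stored, hashpw=bcrypt.hashpw)` performs the same check as the question's `bcrypt.hashpw(password, hashed) == hashed`, but with a constant-time comparison.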
