Advanced Research: Secure Password Storage using Python Hashing

Added on  2022/09/09

Homework Assignment
Running head: ADVANCED RESEARCH
Advanced Research
Name of Student-
Name of University-
Author’s note-
Password hashing in Python
Storing passwords without the risk of leaking them
Avoiding password storage altogether is the best practice known so far. If passwords were stored in plain text in the database, any unauthorized person who could read the database would see them and could use them to access other people's accounts and servers; using another person's password violates that user's policy. To store passwords securely in the database, password hashing is used (Nielson and Monson 2019). With password hashing, a hash function is applied to the user's input and the resulting hash, rather than the password itself, is stored in the database. The login software only checks whether the password supplied by the user is correct: the supplied password is hashed, and if the result matches the hash stored in the database the password is correct, otherwise it is not.
Storing passwords is standard practice, and they are stored in the database as hashes. Along with the hash, a randomly generated string (the salt) is stored. This random string is added to the password before hashing. Because it is randomly generated, two identical passwords usually produce different hashes. The Python standard library provides hashing functions that are suitable for storing passwords.
How to do hashing in Python
Python 3 provides key derivation functions that are appropriate for storing passwords: pbkdf2 and scrypt. Of the two, scrypt is the more robust against attacks (Vidhya 2018), because it is memory- and CPU-heavy; however, scrypt only works on systems whose Python is built with OpenSSL, whereas pbkdf2 works on any system.
From a security point of view, scrypt is the best choice. Users can also use pbkdf2, which is more widely available and is present in older versions of Python, from Python 3.4 onwards (Ortega, Sarker, and Washington 2019). Both functions can be used to hash the password provided by the user before storing it on disk or in the database, and both are also used to verify a supplied password against the one already stored in the database.
Working process of the hash keys
Two functions are involved in hashing the password provided by the user.
1. hash_password: encodes the password supplied by the user so that it can be stored safely on disk or in the database.
2. verify_password: matches a password supplied by the user. Given the encoded password stored in the database, this function compares it with the new password entered by the user when logging in again and reports whether they match.
hash_password performs several steps. It first generates a random string (the salt) that is to be added to the password entered by the user (Kamal 2019). This random string is the sha256 hash of some random bytes read from os.urandom, expressed as a string of hexadecimal digits. This string is then added to the password before the hashing process.
After the random string is added to the password, the combined string is hashed (Wijayarathna and Arachchilage 2018). Before hashing, both strings are converted to bytes, because the hashing function accepts only bytes as input. The random string is encoded as ASCII and the password given by the user is encoded as UTF-8, which covers any possible character that the user may enter.
After the password has been stored safely, verify_password can be used to check the password when the user wants to log in again. This function takes two arguments: the previously stored hash and the new password entered by the user (Hatzivasilis 2017). The function extracts the random string from the stored hash, then passes the random string and the user's password to pbkdf2_hmac so that their hash can be computed and converted to a string. If the resulting string matches the stored hash, the function signals a match and the user is able to log in. This process is carried out every time the user supplies a password to log in, while the passwords supplied earlier remain securely stored in the database using Python hashing.
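The two functions described in this section, together with the choice between pbkdf2 and scrypt from the previous section, as an added example that is not the paper's own code. It follows the paper's design for the salt (the sha256 hash of bytes from os.urandom, kept as ASCII hex, with the password encoded as UTF-8) and derives the hash with hashlib.pbkdf2_hmac or hashlib.scrypt from the standard library. The record layout, the work factors, the fallback to pbkdf2 when scrypt is unavailable, and the constant-time comparison with hmac.compare_digest are assumptions of this example, not something the paper specifies.

```python
import hashlib
import hmac
import os

# Added example (not the paper's code). Assumed storage format for one record:
#   "<kdf>$<cost>$<salt-hex>$<hash-hex>"
PBKDF2_ITERATIONS = 600_000                  # assumed work factor; tune to your hardware
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1   # assumed scrypt parameters (about 16 MiB)


def scrypt_available() -> bool:
    """hashlib.scrypt is only present when Python is built against OpenSSL 1.1+."""
    return hasattr(hashlib, "scrypt")


def make_salt() -> bytes:
    """Random string as the paper describes: sha256 of os.urandom bytes, as ASCII hex."""
    return hashlib.sha256(os.urandom(60)).hexdigest().encode("ascii")


def _derive(kdf: str, password: bytes, salt: bytes, cost: int) -> bytes:
    """Run the chosen key derivation function; both take bytes, never str."""
    if kdf == "pbkdf2":
        return hashlib.pbkdf2_hmac("sha256", password, salt, cost, dklen=32)
    if kdf == "scrypt":
        return hashlib.scrypt(password, salt=salt, n=cost, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    raise ValueError(f"unsupported kdf: {kdf!r}")


def hash_password(password: str, kdf: str = "scrypt") -> str:
    """Encode a password for storage; falls back to pbkdf2 where scrypt is unavailable."""
    if kdf == "scrypt" and not scrypt_available():
        kdf = "pbkdf2"
    cost = SCRYPT_N if kdf == "scrypt" else PBKDF2_ITERATIONS
    salt = make_salt()                                     # fresh salt for every password
    digest = _derive(kdf, password.encode("utf-8"), salt, cost)
    return "$".join([kdf, str(cost), salt.decode("ascii"), digest.hex()])


def verify_password(stored: str, provided: str) -> bool:
    """Recompute the hash of the provided password with the stored salt and compare."""
    try:
        kdf, cost_s, salt_hex, digest_hex = stored.split("$")
        expected = bytes.fromhex(digest_hex)
        actual = _derive(kdf, provided.encode("utf-8"), salt_hex.encode("ascii"), int(cost_s))
    except (ValueError, AttributeError):
        return False                                       # malformed record or kdf unavailable
    return hmac.compare_digest(actual, expected)           # constant-time comparison


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password(record, "correct horse battery staple"))  # True
    print(verify_password(record, "wrong password"))                # False
```

The record stores the KDF name and cost alongside the salt and hash, so the work factor can be raised later without breaking verification of older records; verify_password returns False rather than raising on a malformed record, and the comparison is done with hmac.compare_digest so that its timing does not depend on how many leading bytes of the hash agree.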
References
Hatzivasilis, G., 2017. Password-Hashing Status. Cryptography, 1(2), p.10.
Kamal, P., 2019. Security of Password Hashing in Cloud. Journal of Information Security, 10(02), p.45.
Nielson, S.J. and Monson, C.K., 2019. Hashing. In Practical Cryptography in Python (pp. 21-52). Apress, Berkeley, CA.
Ortega, J.M., Sarker, M.F. and Washington, S., 2019. Learning Python Networking: A complete guide to build and deploy strong networking capabilities using Python 3.7 and Ansible. Packt Publishing Ltd.
Vidhya, S., 2018. Network Security using Python.
Wijayarathna, C. and Arachchilage, N.A., 2018, June. Why Johnny Can't Store Passwords Securely? A Usability Evaluation of Bouncycastle Password Hashing. In Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018 (pp. 205-210).