Day 071 - Project 71 : Hashing passwords

That’s because it is LOL, it’s just one huge dictionary full of various values.

1 Like

that’s why I said that it was one :slight_smile:

You didn’t say it was one. You said it was just like one.

So this is just a bare-bones skeleton of the code for this lesson, but how did I get an error which not even Google has heard about?

```python
from replit import db
import os, time, random

while True:
  menu = input("""1.Add
2.Login
>""")

  if menu == "1":
    username = input("""Set your username
>""")
    password = input("""Set your password
>""")
    salt = random.randint(1000,9999)
    saltyPassword = f"{password}{salt}"
    hashedSaltyPassword = hash(saltyPassword)
    db[username] = {"password": hashedSaltyPassword, "salt": salt}

  elif menu == "2":
    username = input("Username >")
    password = input("Password >")
    salt = db[username][salt]
    password = f"{password}{salt}"
    password = hash(password)
    if password == db[username][password]:
      print('Login successful')
```

and I get this:

```
Traceback (most recent call last):
  File "main.py", line 22, in <module>
    salt = db[username][salt]
  File "/home/runner/Day71100Days/venv/lib/python3.8/site-packages/replit/database/database.py", line 323, in __getitem__
    return self.value[k]
KeyError: 4017
```

Pardon my formatting, I’m just figuring out how to use this forum.

Try to format it and share the repl, this also helps.
For formatting, you can just type ``` before your code and afterwards.

What you suggest is called a pepper. The point of salts is to make rainbow table attacks more difficult. It is usually not a vulnerability to have saved salts.

What is the functionality difference between the 2 below?

```python
db[user] = {"password": newpw, "salt":salt}
db["user"] = {"password": newpw, "salt":salt}
```

1 Like

user is a variable and “user” is a string

4 Likes

Hello! I have managed to make it to Day 71 without completely giving in to my frustrations hahaha! My question is what is the difference between the use of quotation marks in the key section referenced below? I assume it has something to do with storing multiple key: value pair data?

```python
db["user"] = {"password": newpw, "salt":salt}

db[user] = {"password": newpw, "salt":salt}
```

----- here is the rest of my code for reference -----

https://replit.com/@kotacoded/Day71100Days#main.py

3 Likes

"user" is a string, user is the variable you inputted:

```python
user= input("Username > ")
```

5 Likes

Thank you @QwertyQwerty88! I figured that much, so the confirmation helps a ton!

2 Likes

Anyone help me understand why—no matter how wrong the password is—it tells me I’m ‘Logged in’??

```python
from replit import db
import random, os, time

def newUser():
  time.sleep(1)
  os.system("clear")
  username = input("Type new Username > ")
  print()
  password = input("Type new password > ")
  print()
  keys = db.keys()
  if username in keys:
    print("ERROR: Username exists")
    return


  salt = random.randint(11111,99999)
  newPassword = hash(f"{password}{salt}")

  db[username] = {"password":newPassword,"salt":salt}


def login():
  time.sleep(1)
  os.system("clear")
  username = input("Type new Username > ")
  print()
  password = input("Type new password > ")
  print()
  keys = db.keys()
  if username not in keys:
    print("ERROR: Username does not exist")
    return


  salt = db[username]["salt"]
  newPassword = hash(f"{password}{salt}")

  db[username] = {"password":newPassword,"salt":salt}

  if db[username]["password"]==newPassword:
    print("Logged in")
  else:
    print("username or password incorrect")


while True:
  menu = input("1. New User\n2. Login\n > ")
  if menu=="1":
    newUser()

  elif menu=="2":
    login()

  else:
    keys = db.keys()
    for key in keys:
      print(db[key])
```

ohhh. I see it now.

```python
db[username] = {"password":newPassword,"salt":salt}
```

overwriting by not removing this in my login()

4 Likes

I’d recommend changing these lines in login(), as you’re not creating a new account there.

1 Like

I agree entirely and am also being somewhat lazy with my strings and naming conventions. :stuck_out_tongue:

2 Likes

```python
from replit import db

password = "Baldy1"
salt = 10221
newPassword = f"{password}{salt}"
newPassword = hash(newPassword)
print(newPassword)

db["david"] = {"password": newPassword, "salt": salt}
```

Why do we need to store salt in the db as well when it is already included in the newPassword?

1 Like

It isn’t, because we hashed it.

2 Likes

It’s good to do that afaik (because then each password can have a different salt, and people won’t be able to notice two users having the same password as easily)

2 Likes

What is the logic behind storing it separately?
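
An added example, not code from the thread or the course, showing why the salt is stored next to the hash: the hash cannot be reversed to recover the salt, so login has to read the stored salt and recompute. It goes beyond the thread's `hash()` by using `hashlib.pbkdf2_hmac`, because Python's built-in `hash()` of a string changes between interpreter runs unless `PYTHONHASHSEED` is fixed; the plain dict `db` and the function names are assumptions standing in for the replit database.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the replit db used in the thread: a plain dict.
db = {}

ITERATIONS = 200_000  # assumed work factor for this example


def derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 is deterministic: same password + same salt
    # always gives the same output, on any run and any machine.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def add_user(username: str, password: str) -> bool:
    if username in db:
        return False  # never overwrite an existing account
    salt = secrets.token_bytes(16)  # fresh random salt per user
    db[username] = {"password": derive(password, salt).hex(), "salt": salt.hex()}
    return True


def login(username: str, password: str) -> bool:
    record = db.get(username)
    if record is None:
        return False
    # The stored salt is the only way to rebuild the same input to the hash.
    salt = bytes.fromhex(record["salt"])
    candidate = derive(password, salt)
    # Read-only check: login never writes to db, and the comparison
    # is constant-time so it does not leak how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["password"]))


if __name__ == "__main__":
    add_user("david", "Baldy1")
    add_user("erin", "Baldy1")  # same password, different salt
    print(db["david"]["password"] != db["erin"]["password"])
    print(login("david", "Baldy1"), login("david", "wrong"))
```
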