That’s because it is LOL, it’s just one huge dictionary full of various values.
That’s why I said that it was one.
You didn’t say it was one. You said it was just like one.
So this is just a bare-bones skeleton of the code for this lesson, but how did I get an error which not even Google has heard about?
```python
from replit import db
import os, time, random

while True:
    menu = input("""1.Add
2.Login
>""")
    if menu == "1":
        username = input("""Set your username
>""")
        password = input("""Set your password
>""")
        salt = random.randint(1000,9999)
        saltyPassword = f"{password}{salt}"
        hashedSaltyPassword = hash(saltyPassword)
        db[username] = {"password": hashedSaltyPassword, "salt": salt}
    elif menu == "2":
        username = input("Username >")
        password = input("Password >")
        salt = db[username][salt]
        password = f"{password}{salt}"
        password = hash(password)
        if password == db[username][password]:
            print('Login succesful')
```
and I get this:
```
Traceback (most recent call last):
  File "main.py", line 22, in <module>
    salt = db[username][salt]
  File "/home/runner/Day71100Days/venv/lib/python3.8/site-packages/replit/database/database.py", line 323, in __getitem__
    return self.value[k]
KeyError: 4017
```
Pardon my formatting, I'm just figuring out how to use this forum.
Try to format it and share the repl, this also helps.
For formatting, you can just type ``` before your code and afterwards.
What you suggest is called a pepper. The point of salts is to make rainbow table attacks more difficult. It is usually not a vulnerability to have saved salts.
What is the functionality difference between the 2 below?
```python
db[user] = {"password": newpw, "salt":salt}
db["user"] = {"password": newpw, "salt":salt}
```
`user` is a variable and `"user"` is a string.
Hello! I have managed to make it to Day 71 without completely giving in to my frustrations hahaha! My question is what is the difference between the use of quotation marks in the key section referenced below? I assume it has something to do with storing multiple key: value pair data?
```python
db["user"] = {"password": newpw, "salt":salt}
db[user] = {"password": newpw, "salt":salt}
```
----- here is the rest of my code for reference -----
`"user"` is a string, `user` is the variable you inputted:
```python
user= input("Username > ")
```
Anyone help me understand why—no matter how wrong the password is—it tells me I’m ‘Logged in’??
```python
from replit import db
import random, os, time

def newUser():
    time.sleep(1)
    os.system("clear")
    username = input("Type new Username > ")
    print()
    password = input("Type new password > ")
    print()
    keys = db.keys()
    if username in keys:
        print("ERROR: Username exists")
        return
    salt = random.randint(11111,99999)
    newPassword = hash(f"{password}{salt}")
    db[username] = {"password":newPassword,"salt":salt}

def login():
    time.sleep(1)
    os.system("clear")
    username = input("Type new Username > ")
    print()
    password = input("Type new password > ")
    print()
    keys = db.keys()
    if username not in keys:
        print("ERROR: Username does not exist")
        return
    salt = db[username]["salt"]
    newPassword = hash(f"{password}{salt}")
    db[username] = {"password":newPassword,"salt":salt}
    if db[username]["password"]==newPassword:
        print("Logged in")
    else:
        print("username or password incorrect")

while True:
    menu = input("1. New User\n2. Login\n > ")
    if menu=="1":
        newUser()
    elif menu=="2":
        login()
    else:
        keys = db.keys()
        for key in keys:
            print(db[key])
```
Ohhh. I see it now.
```python
db[username] = {"password":newPassword,"salt":salt}
```
Overwriting by not removing this in my login()
I’d recommend changing these lines in login(), as you’re not creating a new account there.
I agree entirely and am also being somewhat lazy with my strings and naming conventions.
```python
from replit import db

password = "Baldy1"
salt = 10221
newPassword = f"{password}{salt}"
newPassword = hash(newPassword)
print(newPassword)
db["david"] = {"password": newPassword, "salt": salt}
```
Why do we need to store salt in the db as well when it is already included in the newPassword?
It isn’t, because we hashed it.
It’s good to do that afaik (because then each password can have a different salt, and people won’t be able to notice two users having the same password as easily)
What is the logic behind storing it separately?
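
Added example (not part of the thread or anyone's posted code) for the question of why the salt is stored beside the hash: the digest cannot be turned back into its salt, so login reads the stored salt and recomputes. It assumes a plain dict in place of the Replit `db` and swaps the built-in `hash()` for `hashlib.pbkdf2_hmac`; the function names, iteration count and sample accounts are constructed.

```python
import hashlib
import hmac
import secrets

# Assumption: a plain dict stands in for the replit `db` used in the thread.
db = {}

ITERATIONS = 100_000  # constructed work factor for this example


def derive(password: str, salt: bytes) -> bytes:
    """Slow salted hash; swapped in for the built-in hash() used in the thread."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str) -> bool:
    """Create an account. Returns False if the username already exists."""
    if username in db:
        return False
    salt = secrets.token_bytes(16)  # fresh random salt for every user
    db[username] = {"password": derive(password, salt).hex(), "salt": salt.hex()}
    return True


def login(username: str, password: str) -> bool:
    """Check a password. Reads the record only; never writes to db."""
    record = db.get(username)
    if record is None:
        return False
    # The digest cannot be reversed to recover the salt, so it is read back
    # from the record (string key "salt") and the hash is recomputed.
    salt = bytes.fromhex(record["salt"])
    candidate = derive(password, salt).hex()
    return hmac.compare_digest(candidate, record["password"])


if __name__ == "__main__":
    register("david", "Baldy1")  # constructed sample accounts
    register("maria", "Baldy1")  # same password, different salt
    print(db["david"]["password"] != db["maria"]["password"])
    print(login("david", "Baldy1"), login("david", "wrong"), login("nobody", "x"))
```
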