Flask Decrypt/Compare Hash for Login

Question:
So I am making a website for a school project (not what I really need help with). I am trying to eventually set up a Sign Up and Sign In page, where in the Sign Up page it will hash your password and send it to a database of some sort (if you have any ideas for DBs that would help, besides JSON), but what I don’t understand is when someone logs in how do you compare the plain text password to the encrypted one and actually log somebody in?

I just need help with how I would compare the plain text password to the hashed password to login, not any code.

Hash the plain text, and then compare them?

1 Like

@Firepup650 but wouldn’t it change based on the salt that I use (since I don’t want to use the same salt for everything)? Then they wouldn’t be the same.

The way I do it, I save a salt per-user, and when someone tries to login, I get that user’s salt, hash the attempt, and compare the hashes.

1 Like

@Firepup650 do you have a database I should use for this? I am using JSON for other, non-sensitive info. Should I use ReplDB or something?

Don’t handle the hashing and salting yourself. Use something like bcrypt.

4 Likes

Idk, the only way I was doing it was on a Private repl in a JSON file.

1 Like

Try Firestore. I use it for my storing of username and passwords.

1 Like

You should probably use a library to do it; those library developers have spent a significant amount of time on getting it right, regarding password hashing. For instance, passlib.

When you want to log someone in you use yet another library that helps you manage sessions, like flask_login. You can roll your own but I recommend using existing libraries 🙂

4 Likes
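The per-user-salt login check discussed in the replies above, as an added example that is not part of the original thread. It uses `hashlib.scrypt` from the Python standard library in place of bcrypt or passlib so that it runs without extra packages; the function names, cost parameters and stored-record format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters and output length (assumed values for this example)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
KEY_LEN = 32


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    """Run the slow key-derivation function over password + salt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, dklen=KEY_LEN)


def hash_password(password: str) -> str:
    """Sign-up: generate a fresh random salt and return one storable string.

    The salt is not secret. It is saved next to the hash so the same
    computation can be repeated at login.
    """
    salt = secrets.token_bytes(16)
    digest = _derive(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Login: re-hash the attempt with the stored salt, then compare hashes."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
        if scheme != "scrypt":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        attempt = _derive(password, salt, int(n), int(r), int(p))
    except ValueError:
        return False  # malformed or unparsable record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(attempt, expected)


# Constructed sample "database": username -> stored record string.
USERS = {"alice": hash_password("correct horse"),
         "bob": hash_password("correct horse")}
```

Nothing is ever decrypted: the stored string carries the salt, so the server recomputes the hash from the login attempt and compares the two results.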