Using hashlib to securely store user passwords and credentials

What is hashing?

Hashing a password means that a database engineer reading a user database does not see passwords in cleartext. This holds only to a degree: the passwords could still be recovered, but hashing makes them illegible to anyone who is not making an extensive effort. Hashing also prevents hackers from reading passwords in plain text, although hashes can still be compromised by collision attacks.

Additionally, a salt may be added to the password when it is hashed; this protects the database against dictionary attacks.

Why Hash Passwords?

Storing user credentials in plain text is generally bad practice, as it allows anyone who reads the file (or computer) to see the password, username or any other credential without any sort of protection. In some cases it is against the law, for example under the PCI SSC Data Security Standards, which cover debit and other card types. The solution to this is obfuscation in the form of hashing. Hashing a password makes a standard password seem completely random.

How hashing works

When a user signs up for a website, or fills in any other form that requires secure credentials such as a password, username, email address or address, the form asks for these credentials. The web server then hashes the password and stores the hash: it ‘throws away’ the original password and keeps only the hash. In a more secure environment the user may also be given a salt, which may be unique to the user or unique to the application. (The user will not know the salt; the salt is owned by the server and will be kept secret.) When hashing, the password and the salt are combined and the result is hashed.

How to hash a string in Python

This tutorial uses hashlib as its hashing encoder, which uses the ever bug-free OpenSSL…

First we need to import hashlib and encode the input, then finally we need to check for a match.

Raspberry Pi – PHP permission File Problems Solved!

I recently installed PHP, but I was unable to save files and was very stuck. That’s why I’m posting it here: I want anyone who Googles this problem to find this solution.

 

The problem was that when I used an fopen and fsave within PHP, the file would always ‘die’, as in the ‘open or die’ within PHP. The solution is below.

Firstly I looked for the Environment user in phpinfo(); in my case it was

    www-data

and then I simply typed this

    chmod 777 -R www-data /var/www

That, in its simplicity, is the solution, but I am thankful that I have found the solution!

To create a phpinfo you need to create a file in your root and insert the following code

and save it as phpinfo.php or whatever you choose. I saved it in my root, but you can save it wherever you want. Then I browsed to the Environment section, and that gave me the information I needed to create the solution.

Why this works

The problem was that PHP did not have enough permissions to write to the folder. By giving the user www-data full permission, i.e. 777, it can now read, write and execute without a problem!

Here is what PHP looks like when you do phpinfo:

phpinfo() user sample on Raspberry Pi

You can check that a file exists and is editable with this code: http://stackoverflow.com/a/13297218

Now you’ve finished, you can celebrate! Here is a song (this is mainly so I can test embedding :P)