LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 09-29-2017, 10:58 PM   #1
Fergupicus
LQ Newbie
 
Registered: Sep 2017
Location: Bay of Plenty, NZ
Distribution: Debian, Kali, Fedora
Posts: 20

Rep: Reputation: 0
Question Python: How would I go about comparing a variable and a line in a file?


Hello,
So I'm just practising with Python3, I am creating a simple login program that compares sha256 password hashes with those that are stored in files. I've already created the function to ask to make a new password and then write the name and hash associated with it into a new line of a file. My question is how would I go about comparing the stored hashes and the hash of the person trying to login?

Also if you would like some more info or to see the code just ask and I'll edit it in.

Any help would be greatly appreciated, Fergus.

EDIT 1: the code
So you requested the code in question so here it is.
Code:
def new_account_page():
    new_user = input("Please enter a username: ")
    print("-------------------------------------")
    new_pass = getpass.getpass("Please enter a password: ")
    hashed_password = hash_password(new_pass)
    print("The string to store in the database is: ", hashed_password)
    old_pass = getpass.getpass("Now please enter the password again to check: ")
    if check_password(hashed_password, old_pass):
        print("You entered the right password")
        login_hashes = open("/root/PycharmProjects/Test/Hashes.txt", "a")
        login_hashes.writelines(new_user + " - " + hashed_password + "\n")
        print("Returning you to the accounts page.")
This is the part of the code; it's pretty self-explanatory. What I'm looking to add now is a login function where I cross-check the users hash with a hash inside of my Hashes.txt file (if there is a better way of storing this tell me.) If I was doing this inside of bash I would probably use AWK however from what I can gather there isn't really a good option I can find (I'm probably wrong!) But yeah, thats the gist of it.

Thanks in advance for your help

Last edited by Fergupicus; 09-30-2017 at 07:19 AM. Reason: Extra info
 
Old 09-30-2017, 05:37 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 9,880

Rep: Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910
What is your problem exactly? Would be nice to see some code... obviously...
 
Old 09-30-2017, 06:32 AM   #3
Fergupicus
LQ Newbie
 
Registered: Sep 2017
Location: Bay of Plenty, NZ
Distribution: Debian, Kali, Fedora
Posts: 20

Original Poster
Rep: Reputation: 0
The edits you requested are up
 
Old 09-30-2017, 07:14 AM   #4
NevemTeve
Senior Member
 
Registered: Oct 2011
Location: Budapest
Distribution: Debian/GNU/Linux, AIX
Posts: 3,315

Rep: Reputation: 1008Reputation: 1008Reputation: 1008Reputation: 1008Reputation: 1008Reputation: 1008Reputation: 1008Reputation: 1008
Almost. It's [ code] not [ quote].
 
Old 09-30-2017, 07:19 AM   #5
Fergupicus
LQ Newbie
 
Registered: Sep 2017
Location: Bay of Plenty, NZ
Distribution: Debian, Kali, Fedora
Posts: 20

Original Poster
Rep: Reputation: 0
Oh yeah soz, lol. My mistake
 
Old 09-30-2017, 07:38 AM   #6
rachelrose
LQ Newbie
 
Registered: Sep 2017
Posts: 6

Rep: Reputation: Disabled
Quote:
(if there is a better way of storing this tell me.)
You could store the hashes in a SQLite database, using the username as the primary key. When the user types the user name, you can use an SQL query to grab the hash to verify.

Check this tutorial out: https://passlib.readthedocs.io/en/st...pt_sha256.html

From this tutorial, you get to learn how to accept user passwords, hashing, and verifying them. All you would need now is to store data in a SQLite file, but you can research this Pythons documentation basically shows you how.

From my research, bcrypt seems to be the suggested hashing algorithm to store passwords.
 
Old 10-04-2017, 07:23 AM   #7
Fergupicus
LQ Newbie
 
Registered: Sep 2017
Location: Bay of Plenty, NZ
Distribution: Debian, Kali, Fedora
Posts: 20

Original Poster
Rep: Reputation: 0
Question

Hello again,
Sorry I haven't posted in a while but my stubbornness has me trying to figure this out on my own :P but I can't. So I'm now using SQLite to store my data and fetch and compare but I now have another problem. I'll show you the code before explaining.
Code:
def hash_login_password(username, password):
    c.execute("SELECT salt FROM account_info WHERE user_name=?", (username,))
    salt = c.fetchall()
    print(salt)
    return hashlib.sha256(salt.encode() + password.encode()).hexdigest()
My problem is however because salt is equal to a fetchall request and this request does not have the attribute of .encode it passes an AttributeError: 'list' object has no attribute 'encode.' As I mentioned before I believe this is because fetchall has no attribute called encode but my hashlib function does. The question is how do I get Python to treat the salt as a sting (and yes I've tried using str(salt) but this ends up changing the hash result.

Any help is greatly appreciated, Fergus
 
Old 10-04-2017, 07:39 AM   #8
rachelrose
LQ Newbie
 
Registered: Sep 2017
Posts: 6

Rep: Reputation: Disabled
Quote:
Originally Posted by Fergupicus View Post
Hello again,
Sorry I haven't posted in a while but my stubbornness has me trying to figure this out on my own :P but I can't. So I'm now using SQLite to store my data and fetch and compare but I now have another problem. I'll show you the code before explaining.
Code:
def hash_login_password(username, password):
    c.execute("SELECT salt FROM account_info WHERE user_name=?", (username,))
    salt = c.fetchall()
    print(salt)
    return hashlib.sha256(salt.encode() + password.encode()).hexdigest()
My problem is however because salt is equal to a fetchall request and this request does not have the attribute of .encode it passes an AttributeError: 'list' object has no attribute 'encode.' As I mentioned before I believe this is because fetchall has no attribute called encode but my hashlib function does. The question is how do I get Python to treat the salt as a sting (and yes I've tried using str(salt) but this ends up changing the hash result.

Any help is greatly appreciated, Fergus
I think the problem is this line:

Code:
c.fetchall()
Given that your expecting one result. Username is unique, so a when pulling the hash, your only going to pull one row, try

Code:
c.fetchone()
If you use fetchall, the expectation is that it will be a List, and you need a for loop.
 
Old 10-04-2017, 07:54 AM   #9
Fergupicus
LQ Newbie
 
Registered: Sep 2017
Location: Bay of Plenty, NZ
Distribution: Debian, Kali, Fedora
Posts: 20

Original Poster
Rep: Reputation: 0
Nah that didn't seem to help. It only ended up changing the word 'list' to 'tuple', NW though. This only seems to confirm my thought about this being a problem with Python thinking I'm writing
Code:
..56(c.fetchone.encode()..
which makes sense why its outputting the error.

Anyway thanks again
 
Old 10-11-2017, 11:25 PM   #10
Fergupicus
LQ Newbie
 
Registered: Sep 2017
Location: Bay of Plenty, NZ
Distribution: Debian, Kali, Fedora
Posts: 20

Original Poster
Rep: Reputation: 0
Smile ANSWER (finally)

Hey sorry about my absence I got re-addicted to Skyrim! :P Anyway I solved my issue a while back but didn't want to post the answer because I wanted to be sure that it worked. As for my original question I used a very helpful guide, here's the link SQLite3 - Simple Databases with Python.
Now about my second error: after searching my exact error on DuckDuckGo (best search engine evar!) it came up with the solution on StackExchange. As you saw the error was about trying to encode a tuple. I figured out that I just had to join the tuple together by doing this :
Code:
' '.join(data)
Pretty much what this is saying is, join the tuple data with the string ' ' (this is useful for separating data with the "split" function.)

Honestly, all in all, this has been a very enlightening and educational experience learning about new functions such as "replace" and "join". And learning basic SQL commands(should help with my future in pen-testing.) I actually quite liked it and I actually think I have learned more over this personal project than I have this entire year at school haha (it's certainly more useful!)

Thanks for anyone that helped me and I hope this helps anyone with my issues in the future

Last edited by Fergupicus; 10-11-2017 at 11:27 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Add date to python file variable - python 2.6.6 MrLinuxDonnelly Linux - Newbie 7 11-10-2015 08:27 AM
[SOLVED] comparing two files down to the parts of a line in the file lhiggie1 Linux - Software 2 11-14-2014 03:57 PM
Counting the amount of lines in a file and comparing the result to a variable in BASH doucettej3 Linux - Newbie 5 02-04-2013 12:20 PM
Comparing to specific line in file bash script ShiGua Linux - Newbie 3 11-16-2012 05:42 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 03:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration