Re: How to compare in python an input value with an hashed value in mysql table?
Thank you so much Pieter! Danku well Where can I write you a review 5/5! Linkedin? Google business? Facebook page? Thank you!Thank you!Thank you!Thank you!Thank you! X 1! :-) -- https://mail.python.org/mailman/listinfo/python-list
Re: How to compare in python an input value with an hashed value in mysql table?
Growth Hacking Formation writes: > Thanks for helping. That is what I thought. > Lets say it is the case and I get the key. We know it uses sha256 and it > apply to the ascii code. > What should be the python code in this scenario? > I am novice and the hash python module is a bit too complex for me. I read > the doc. > > Thanks. Some of the details are still vague, but I think it must be something like this: Here is some code that works in both Python 2 and Python 3. import hashlib import hmac secretfile = '.../lmfwc-files/secret.txt' ## Fill in proper file name with open(secretfile, 'rb') as fd: secret = fd.read() key = 'goldQ3T8-1QRD-5QBI-9F22' bkey = key.encode('ascii') h = hmac.new(secret, bkey, hashlib.sha256) print('hd (hex): ', h.hexdigest()) -- Pieter van Oostrum www: http://pieter.vanoostrum.org/ PGP key: [8DAE142BE17999C4] -- https://mail.python.org/mailman/listinfo/python-list
Re: How to compare in python an input value with an hashed value in mysql table?
On Wed, Jan 15, 2020 at 5:41 PM Growth Hacking Formation wrote: > > Thanks for helping. That is what I thought. > Lets say it is the case and I get the key. We know it uses sha256 and it > apply to the ascii code. > What should be the python code in this scenario? > I am novice and the hash python module is a bit too complex for me. I read > the doc. > > Thanks. Look at the source code for the PHP module. Find the parts you need. My guess is that every hash-related function they call will have a direct equivalent in Python. Welcome to the wonderful world of porting code that you don't truly comprehend :) ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: How to compare in python an input value with an hashed value in mysql table?
Thanks for helping. That is what I thought. Lets say it is the case and I get the key. We know it uses sha256 and it apply to the ascii code. What should be the python code in this scenario? I am novice and the hash python module is a bit too complex for me. I read the doc. Thanks. -- https://mail.python.org/mailman/listinfo/python-list
Re: How to compare in python an input value with an hashed value in mysql table?
On Wed, Jan 15, 2020 at 10:54 AM Dennis Lee Bieber wrote: > > On Tue, 14 Jan 2020 10:02:08 -0800 (PST), Growth Hacking Formation > declaimed the following: > > > > > >Hello @formationgrowthhacking, > >thank you for your message and for using my plugin. > >For license key hashing, I implemented the PHP native method hash_hmac(), > >using the sha256 algorithm. > >You can check out the class which is responsible for encryption, decryption, > >and hashing here: > >https://plugins.trac.wordpress.org/browser/license-manager-for-woocommerce/trunk/includes/Crypto.php > >Let me know if this helped! > >### > > > > https://www.php.net/manual/en/function.hash-hmac.php > """ > key > > Shared secret key used for generating the HMAC variant of the message > digest. > """ > ... Which implies that one needs to know another key to generate the hash > of the input data. I suspect the author of your database system will not > reveal that key (check the source code referenced by the author and see if > you can find a key for use in the hash function). > I had a squiz at the linked-to source code, and it looks like the corresponding key is stored in a file. Whether that actually constitutes an improvement in security, I can't say. But to be compatible, you would have to read the same file. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: How to compare in python an input value with an hashed value in mysql table?
Thanks for your help. Litle details, the license key is goldQ3T8-1QRD-5QBI-9F22 and it is stored in database already encrypted. License key is not saved in database with clear text. It is already encrypted. I am not sure what is this hash column for? License key => def50200962018b6bbed50fc53abca6bb076eb2947fc379e69bd38dcea9f8fbe29eedd43f1148e721d5f6657d8d0152356f5a7ba566dde545a9a354c7b42af88fe4ea7775a4e2ee1a26d8b8f7e3272cf5a8bbe38197fdf19e1726d5e2d769bae408cd511706388abad5a75 hash => 25138e045e9f50022331340a26d0eecbd0d7ca6bfefee0275749025c4f56c3a8 see screenshot: http://prntscr.com/qnhz8h I thought the "hash" column was the key to encrypt or decrypt the license stored in column "license_key". So I run your code for testing with appropriate licese key: Python Code: 1 2 3 4 5 6 from hashlib import md5, sha256, sha512 key = 'goldQ3T8-1QRD-5QBI-9F22' for hash_func in (md5, sha256, sha512): print(hash_func(key.encode()).hexdigest()) and it give this outpu: Output: ecc58b55c33fe6dfe3b49d6d63aad65b f67e701240fbd964aa9a0eb81e2f549b8e3dd97e1aa3b1f5796fd12cd9b14005 8288f635fbab6d6511fc5aa63caf153fa434b3d351612cdf48dcf6abea4275cde5f0d6fffda2e7c6fd42350483603cf6959dd62c946eea2b75eca9f60a5cf5b7 Process finished with exit code 0 As you can see, here the code doesn't give same result than database. === Regarding wordpress login, I didn't find any python library which can can handle this authentification process. I contacted the developper, and he replied me this message: Hello @formationgrowthhacking, thank you for your message and for using my plugin. For license key hashing, I implemented the PHP native method hash_hmac(), using the sha256 algorithm. You can check out the class which is responsible for encryption, decryption, and hashing here: https://plugins.trac.wordpress.org/browser/license-manager-for-woocommerce/trunk/includes/Crypto.php Let me know if this helped! ### But he may not know python. I need help of python expert. Does this update help for better understanding my issue? -- https://mail.python.org/mailman/listinfo/python-list
Re: How to compare in python an input value with an hashed value in mysql table?
ad...@formationgrowthhacking.com writes: > I have a wordpress 5.3 websites which sell a software with license key. > > The license key is encrypted and stored in Mysql table. there are 2 columns > "license" and "hash": > > license_key > def50200352f5dc4bd8181a9daebbf4f9177fe725111a5a479d64636d01c2a10074e0c645abe898dea18210af563a5334288420551ab61c18ca4506cd03aa5d2bdd40933ddf7ca4d4b61b1c0f58a3830cbe0891cf4ff526311d5d637a55a574eca2c3a1b487b56 > > hash > 9498cbf8bf00d6c55e31f98ba6d8294afa3127a84f31aa622c4158ac7377c6dd > > > My python program get an input for user (the license key in string without > any encrypton) and need to compare it with the official license key stored in > Mysql database of our Wordpress website. > > I read a lot of hashlib python, functions and methods. But I didn't find > anywhere how could I "hash" the string input typed by user with some hash > values from the table, in order to compare both values (the input license and > the license stored in mysql table). Contact the person responsible for the data in your database. Ask him which hashing algorithm should be used to verify the license info provided by a user against the database info. Note: there are many different hashing functions (e.g. "md5", "sha1", "sha256", ...) and often their use involves an additionl secret (besides the hashed data). Best get those details from a knowledgable person than from us. -- https://mail.python.org/mailman/listinfo/python-list
Re: How to compare in python an input value with an hashed value in mysql table?
ad...@formationgrowthhacking.com writes: > I have a wordpress 5.3 websites which sell a software with license key. > > The license key is encrypted and stored in Mysql table. there are 2 columns > "license" and "hash": > > license_key > def50200352f5dc4bd8181a9daebbf4f9177fe725111a5a479d64636d01c2a10074e0c645abe898dea18210af563a5334288420551ab61c18ca4506cd03aa5d2bdd40933ddf7ca4d4b61b1c0f58a3830cbe0891cf4ff526311d5d637a55a574eca2c3a1b487b56 > > hash > 9498cbf8bf00d6c55e31f98ba6d8294afa3127a84f31aa622c4158ac7377c6dd > Slightly off-topic: Why would you store *both* an encrypted key and a hash? If you have the encrypted key in the database and the encryption key on your site (presumably in the Python code) and your site is hacked, all the license keys are potentially in the open. And if your key is on the site you can as well encrypt the entered license key and compare it to the stored encrypted key. end off-topic > My python program get an input for user (the license key in string > without any encrypton) and need to compare it with the official license > key stored in Mysql database of our Wordpress website. > > I read a lot of hashlib python, functions and methods. But I didn't find > anywhere how could I "hash" the string input typed by user with some > hash values from the table, in order to compare both values (the input > license and the license stored in mysql table). This supposes Python 3: Let's assume the entered key is in ASCII and stored in the variable 'key'. from hashlib import sha256 key = bytes(key, 'ascii') hash = sha256(key).hexdigest() Now you can compare hash with the stored hash in the database. Of course this only works if that stored hash has been calculated in the same way from the same key. On Python 2 (which you shouldn't use) you can leave out the "key = bytes(key, 'ascii')" part. You can of course make it more sophisticated, for example by using a salt. Unless your keys are extremely valuable, I wouldn't bother with that. -- Pieter van Oostrum www: http://pieter.vanoostrum.org/ PGP key: [8DAE142BE17999C4] -- https://mail.python.org/mailman/listinfo/python-list