Python md5 password value

Question

I have this change password request form.In which the user enter their oldpasswords.

this oldpassword is the md5 format.

How to compare the md5 value from db

Answer 1

to compare the value of your current password to the password stored in the database you can do:

import md5

input_password = request.POST['password']
md5_hashed_input_password = md5.new(input_password).hexdigest()
#comapre the value to that stored in db
if md5_hashed_input_password == db_password:  #password in db should be stored in md5 hash format
    print 'password match'
else:
    print 'password mismatch'

Answer 2

I don't think that oldpasswd_db is a MD5. It more looks like a combination of hash method (SHA1 in this case), a salt and the password hash itself.

Try to concatenate the salt value with the password:

import hashlib
hashlib.sha1('c60datom').hexdigest()

Answer 3

It's not md5, it's sha1 - "sha1$xxx.

You'd have to use sha1 functions instead. There is a documentation on this at http://docs.python.org/library/sha.html

Answer 4

the hash you put in there is a salted sha1 hexdigest as django (and probably many others) stores it by default.

the code to verify it is in contrib/auth/models.py. From there you can see that django works with md5 by default. All you have to do is to update the old hashes to the following form:

md5$<salt>$<hash>

if your hashes aren't salted yet leave the salt empty (md5$$<hash>), but update the hash to sha1 the next time the user performs a valid login.