
I'm trying to write a chat server using Python. I am using a SHA1 hash to validate users: I compare the stored hash for the user to the hash of the given password, and if they are the same then I should validate the user.

My hash function looks like this:

def sha1_encode(string):
    import hashlib
    return hashlib.sha1(bytes(string)).hexdigest()

and my validate user looks like this:

def validate_user(self, user, password):
    if user in self.users:
        print "user exists"
        #Get the saved SHA1 hash and see if it matches the hash of the given
        #password
        print "sha", sha1_encode(password)
        print "stored", self.users[user]
        print "equal", self.users[user] == sha1_encode(password)
        print type(self.users[user])
        print type(sha1_encode(password))
        if str(self.users[user]) == str(sha1_encode(password)):
            print "validate loop entered"
            return True
    else:
        return False

when I run this with a user I know is in the list, I get this output:

user exists
sha 61503cfe0803f3a3b964b46a405f7828fd72b1f7
stored 61503cfe0803f3a3b964b46a405f7828fd72b1f7

equal False
<type 'str'>
<type 'str'>

So I know both of them are strings and I know that they are both the same thing, but for some reason the comparison returns False. I originally was questioning the objects being of different types, but that doesn't seem to be the case.

So then I tried to copy these strings into the interpreter and check if they were actually equal:

In [1]: x = '61503cfe0803f3a3b964b46a405f7828fd72b1f7'

In [2]: y = '61503cfe0803f3a3b964b46a405f7828fd72b1f7'

In [3]: x == y 
Out[3]: True

And at this point I'm confused why it's not reporting true in the function and reporting true in the interpreter, especially because it seems like I am doing the same exact thing just with different variable names. Could anyone explain to me what's going on? Any help would be greatly appreciated.

  • I don't know how that method works so this is just a wild guess, but it might be related to you calling it twice (once printing sha and once doing the comparison). Try to assign its return value to a variable, then do the comparison. Commented Mar 24, 2016 at 19:27
  • @Lafexlos I can post more code if you think it would be helpful, but this is just what I thought was relevant. I did try that and ran into the same error. Also, shouldn't it not matter how many times I call it, because the SHA1 hash should always be the same for the same string? Commented Mar 24, 2016 at 19:32
  • BTW your code is broken and assumes Python 2; the bytes(string) wouldn't work on Python 3; you need to provide an encoding. Furthermore, using SHA1 for passwords like this is as wrong as is using MD5 (just google it); instead I recommend that you look into passlib and the functions it provides. Commented Mar 24, 2016 at 19:36
  • It looks like your stored hash has a newline on the end of it. Try comparing with .strip() at the end of each string. Commented Mar 24, 2016 at 19:37
  • Also, instead of printing the string when debugging, please print the repr of the string: print "stored", repr(self.users[user]) Commented Mar 24, 2016 at 19:37

1 Answer

Just taking a stab here, but based on your output it looks like there might be a trailing '\n' in your stored password list, thus the blank line in the output after

print "stored", self.users[user]

You could try

print "equal", self.users[user].strip() == sha1_encode(password)

to see if that takes care of your problem. The call will remove trailing characters.


1 Comment

or, better yet, have sha1_encode() return a stripped value
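
The stripping fix from the answer and the comment's warning about plain SHA1, combined in one added example (Python 3; not code from the question or the answer). It uses the standard library's salted PBKDF2 in place of passlib, which the comment recommends; the `user:salt$digest` file format, the iteration count and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import os

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex' from salted PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def load_users(fileobj, strip=True):
    """Parse 'user:record' lines; strip=False keeps the line ending, as in the question."""
    users = {}
    for line in fileobj:
        if strip:
            line = line.strip()  # drop the line ending once, at load time
        if ":" in line:
            user, record = line.split(":", 1)
            users[user] = record
    return users


def validate_user(users, user, password):
    """Return True only when the user exists and the password matches."""
    record = users.get(user)
    if record is None:
        return False
    salt_hex, _, stored_hex = record.partition("$")
    try:
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record
    candidate = hash_password(password, salt).partition("$")[2]
    # Constant-time comparison; always returns a bool, never None.
    return hmac.compare_digest(candidate.encode(), stored_hex.encode())


# Constructed sample user file: one record per line, each ending in "\n".
SAMPLE_FILE = "alice:" + hash_password("correct horse") + "\n"

if __name__ == "__main__":
    raw = load_users(io.StringIO(SAMPLE_FILE), strip=False)
    print(repr(raw["alice"][-6:]))  # repr makes the trailing newline visible
    print(validate_user(raw, "alice", "correct horse"))
    print(validate_user(load_users(io.StringIO(SAMPLE_FILE)), "alice", "correct horse"))
```

Stripping once where the records are loaded keeps every later comparison free of the line ending, so `validate_user` itself needs no `.strip()` calls.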
