How to compare in python an input value with an hashed value in mysql table?

Pieter van Oostrum pieter-l at vanoostrum.org
Tue Jan 14 07:21:14 EST 2020 

admin at formationgrowthhacking.com writes:

> I have a wordpress 5.3 websites which sell a software with license key.
>
> The license key is encrypted and stored in Mysql table. there are 2 columns "license" and "hash":
>
> license_key                                           
> def50200352f5dc4bd8181a9daebbf4f9177fe725111a5a479d64636d01c2a10074e0c645abe898dea18210af563a5334288420551ab61c18ca4506cd03aa5d2bdd40933ddf7ca4d4b61b1c0f58a3830cbe0891cf4ff526311d5d637a55a574eca2c3a1b487b56
>
> hash
> 9498cbf8bf00d6c55e31f98ba6d8294afa3127a84f31aa622c4158ac7377c6dd
>
Slightly off-topic:

Why would you store *both* an encrypted key and a hash?
If you have the encrypted key in the database and the encryption key on your site (presumably in the Python code) and your site is hacked, all the license keys are potentially in the open.
And if your key is on the site you can as well encrypt the entered license key and compare it to the stored encrypted key.

end off-topic

> My python program get an input for user (the license key in string
> without any encrypton) and need to compare it with the official license
> key stored in Mysql database of our Wordpress website.
>
> I read a lot of hashlib python, functions and methods. But I didn't find
> anywhere how could I "hash" the string input typed by user with some
> hash values from the table, in order to compare both values (the input
> license and the license stored in mysql table).

This supposes Python 3:

Let's assume the entered key is in ASCII and stored in the variable 'key'.

from hashlib import sha256
key = bytes(key, 'ascii')
hash = sha256(key).hexdigest()

Now you can compare hash with the stored hash in the database. Of course this only works if that stored hash has been calculated in the same way from the same key.

On Python 2 (which you shouldn't use) you can leave out the "key = bytes(key, 'ascii')" part.

You can of course make it more sophisticated, for example by using a salt. Unless your keys are extremely valuable, I wouldn't bother with that.
-- 
Pieter van Oostrum
www: http://pieter.vanoostrum.org/
PGP key: [8DAE142BE17999C4]

More information about the Python-list mailing list