Using Python hashlib for MD5 Hashing, Salting, and File Checksums
This article explains Python's hashlib module, demonstrates basic MD5 hashing, shows how to compute file checksums, and discusses secure password storage with salting techniques, providing complete code examples for each use case.
The hashlib module in Python provides access to many cryptographic hash functions such as MD5, SHA1, SHA224, SHA256, SHA384, and SHA512, allowing developers to generate irreversible digests for data.
Key attributes and methods include algorithms (list of supported algorithms), digest_size (size of the resulting hash), md5() / sha1() (create hash objects), update(arg) (feed data to the hash), digest() (binary digest), hexdigest() (hexadecimal digest), and copy() (duplicate a hash object).
Simple MD5 example:
import hashlib

m = hashlib.md5()
# update() calls are cumulative: the digest covers both inputs concatenated
m.update('how to use md5'.encode('utf-8'))
m.update('in python hashlib'.encode('utf-8'))
print(m.hexdigest())

The above code prints a 32‑character hexadecimal string such as 9f97604918a2e86bfcc4aea5c35a4c8b.
File MD5 calculation example (reads the file in 4 KB blocks):
#!/usr/bin/env python
# coding: utf-8
import hashlib
import sys


def main():
    if len(sys.argv) != 2:
        sys.exit('Usage: %s file' % sys.argv[0])
    filename = sys.argv[1]
    m = hashlib.md5()
    with open(filename, 'rb') as fp:
        while True:
            blk = fp.read(4096)  # read 4 KB each time
            if not blk:
                break
            m.update(blk)
    print(m.hexdigest(), filename)


if __name__ == '__main__':
    main()

Application scenarios focus on securely storing user passwords. Instead of saving plaintext passwords, developers store the MD5 (or other hash) of the password; during login the entered password is hashed and compared with the stored value.
Because simple passwords are vulnerable to brute‑force attacks, a static "salt" can be added before hashing:
import hashlib

def get_md5(password):
    m = hashlib.md5()
    m.update(password.encode('utf-8'))  # hash objects accept bytes, not str
    return m.hexdigest()

def calc_md5(password):
    # static salt shared by every user
    return get_md5(password + 'the-Salt')

db = {}

def register(username, password):
    # store only the salted hash, keyed by username
    db[username] = calc_md5(password)

To avoid identical hashes for users with the same password, a per‑user salt (e.g., the username) can be incorporated:
def clc_md5(username, password):
    # the username acts as a per-user salt on top of the static one
    return get_md5(password + username + 'the-Salt')

A related use case is a custom sorting requirement for dictionaries when signing requests. The following Python function filters out empty, zero, or collection‑type values, builds an ordered query string, appends a secret key, and finally returns the uppercase MD5 signature:
import hashlib

key = 'example-secret-key'  # placeholder signing key (constructed for this example)
test_data = {'b': '2', 'a': '1', 'empty': '', 'sign': 'ignored'}  # constructed sample request

def wwwwww(test_data):
    # keep only scalar, non-empty fields; the signature fields themselves are excluded
    fields = {
        k: v for k, v in test_data.items()
        if k not in ('sign', 'signature')
        and not isinstance(v, (dict, list))
        and v not in ('', 0, '0')
    }
    # sort by key so both sides build the same string, then append the shared key
    src = '&'.join('%s=%s' % (k, v) for k, v in sorted(fields.items())) + '&key=%s' % key
    return hashlib.md5(src.encode('utf-8')).hexdigest().upper()

print(wwwwww(test_data))

These examples illustrate how to employ hashlib for basic hashing, file integrity verification, and enhanced password security through salting, as well as how to generate signed request strings for API authentication.
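An added example (not code from the original article): the register/login flow from the password-storage section, with a random per-user salt and hashlib.pbkdf2_hmac key stretching in place of a single MD5 pass over a static or username-based salt. The ITERATIONS value, the in-memory db layout and the login function name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware
db = {}               # username -> (salt, iterations, derived key); stands in for a user table


def _derive(password, salt, iterations):
    # Key stretching: many HMAC-SHA256 rounds make every guess expensive,
    # unlike one MD5 call over password + salt.
    return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, iterations)


def register(username, password, iterations=ITERATIONS):
    # Random per-user salt, stored next to the hash; it does not need to be secret.
    salt = secrets.token_bytes(16)
    db[username] = (salt, iterations, _derive(password, salt, iterations))


def login(username, password):
    record = db.get(username)
    if record is None:
        return False
    salt, iterations, stored = record
    candidate = _derive(password, salt, iterations)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, stored)


if __name__ == '__main__':
    # Constructed sample accounts: same password, different stored values.
    register('alice', 'correct horse')
    register('bob', 'correct horse')
    print(db['alice'][2] != db['bob'][2])
    print(login('alice', 'correct horse'), login('alice', 'wrong'), login('carol', 'x'))
```

Storing the iteration count in each record lets the work factor be raised later without invalidating existing accounts.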
Test Development Learning Exchange