
It's Called Hashing

One of the big issues with storing usernames and passwords in a database is what happens if we're hacked?
If those passwords are stored as plain text, our users' security is compromised, probably across multiple sites, because they ignored our advice and used the same password for everything!
Hashing
In reality, organizations don't store your actual password. They store a hash of your password. A hash is produced by turning your password into a sequence of numbers, then passing it through a hashing algorithm (a mathematical process that is very difficult to reverse). The data spat out of this hashing algorithm is what's stored instead of your actual password.


👉 So let's do it. I'm using Python's built-in hash function to create a numerical hash of the password.


password = "baldy1"
password = hash(password)
print(password)
# This will output a really long number 


👉 Now let's store that hashed version in our database instead of the actual password.


from replit import db
userName = "david"
password = "baldy1"
password = hash(password)
db[userName] = password # Stores the hashed password in the database under the username key 'david'
print(password) 

Printing the Hash


👉 Now I can output the value from the database using print. Notice how it outputs the hash. That will be useless to a hacker. They cannot easily reverse engineer the password from the hash.


from replit import db
print(db["david"])


👉 Let's build the login system that checks the stored hash against a hash of the input.


from replit import db
ask = input("Password >") # Get the input
ask = hash(ask) # Hash the input
if ask == db["david"]: # compare hash of input to stored hash
  print("Login successful")

 
Oooh, Salty!

Hashing is great, but enterprising hackers have built their own databases containing hashes of pretty much every word and common password around.
So chances are, if you use a common password or everyday word, there's a hash of it sitting on the internet somewhere just waiting for a reverse lookup.
To help combat this, we can generate a random value and append it to the end of your password before hashing. This random value is called a salt.
👉 Let's salt our password hash from before.


from replit import db
password = "Baldy1"
salt = 10221
newPassword = f"{password}{salt}" # append the salt
newPassword = hash(newPassword) # hash the lot
print(newPassword) 


Second User

👉 If we have a second user with the same password, the uniquely generated salt (I've just made them up in these examples) will produce a completely different hash.


from replit import db
password = "Baldy1"
salt = 10221 # first user's salt
newPassword = f"{password}{salt}"
newPassword = hash(newPassword)
print(newPassword)
password = "Baldy1" # second user, same password
salt = 39820 # different salt, so a different hash
newPassword = f"{password}{salt}"
newPassword = hash(newPassword)
print(newPassword)



👉 To deal with this (we'll need the same salt again when the user logs in), our database has to store both the hashed password and the salt. We do this using a dictionary.


from replit import db
password = "Baldy1"
salt = 10221
newPassword = f"{password}{salt}"
newPassword = hash(newPassword)
print(newPassword)
db["david"] = {"password":newPassword, "salt": salt}

👉 Now let's update the login system to pull the salt from the database, append it to the password entered and then hash the lot. After that, we can compare it to the stored hash of password and salt from the previous example.


from replit import db
ans = input("Password >") # Get the input
salt = db["david"]["salt"] # Get the salt from the database.
newPassword = f"{ans}{salt}"
newPassword = hash(newPassword) # Hash the concatenated string
if newPassword == db["david"]["password"]: # compare hash of newPassword to stored hash
  print("Login successful")
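As an added example (not code from the original post), here is the whole register-and-login flow from the salting and login sections above, with two changes a practitioner would make: the salt comes from the secrets module and is a fresh value for every user, and hashlib's PBKDF2 replaces the built-in hash(), which Python randomises on every interpreter start and which is not a cryptographic hash. A plain dict stands in for the Replit db, and the user names and round count are made up for the example.

```python
import hashlib
import hmac
import secrets

# Stand-in for the Replit db used on the page: a plain dict (constructed for this example).
db = {}

# PBKDF2 round count; a real deployment would tune this much higher.
ROUNDS = 100_000


def hash_password(password, salt):
    """Hash a password with the given salt using PBKDF2-HMAC-SHA256.

    hashlib is used instead of the built-in hash(): Python randomises hash()
    for strings each time the interpreter starts, so a value stored in one run
    would never match in the next, and hash() is not a cryptographic hash anyway.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS).hex()


def register(user_name, password):
    """Generate a fresh random salt for this user and store salt + hash."""
    salt = secrets.token_bytes(16)  # 16 random bytes, new for every user
    db[user_name] = {"password": hash_password(password, salt), "salt": salt.hex()}
    return db[user_name]


def login(user_name, attempt):
    """Pull the user's salt from the db, re-hash the attempt and compare."""
    record = db.get(user_name)
    if record is None:
        return False
    salt = bytes.fromhex(record["salt"])
    candidate = hash_password(attempt, salt)
    # compare_digest avoids leaking information through comparison timing
    return hmac.compare_digest(candidate, record["password"])


if __name__ == "__main__":
    register("david", "Baldy1")
    register("sarah", "Baldy1")  # same password, different salt
    print(db["david"]["password"] != db["sarah"]["password"])  # True
    print(login("david", "Baldy1"))  # True
    print(login("david", "baldy1"))  # False
```

Because each record carries its own salt, a precomputed table of common-password hashes matches neither user, and two users with the same password are stored differently.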
