In data processing, interface security, and file integrity verification, “hashing” is an essential technology. The built-in
hashlibmodule in Python allows us to perform various hashing algorithms for encryption and verification without the need for third-party libraries.
Today, we will delve into the core usage and high-frequency practical applications of <span>hashlib</span>!
🧩 Why Learn <span>hashlib</span>
Common scenarios:
- Password encryption storage: Hashing plaintext passwords to avoid leakage risks
- Interface signing: Generating request signatures to verify legitimacy
- File integrity verification: Preventing tampering during transmission
- Digital fingerprinting: Quickly identifying unique content
🚀 Quick Start
import hashlib
# Text content
text = "Python-Hashlib-Demo"
# Generate MD5 hash
md5_hash = hashlib.md5(text.encode('utf-8')).hexdigest()
print("Original string:", text)
print("MD5 hash value:", md5_hash)
Output example:
原始字符串: Python-Hashlib-Demo
MD5 哈希值: 8b3f8c4c88525a3a55f6f8f05ffda0a2
🛠 Comparison of Common Hash Algorithms
| Algorithm | Length | Common Scenarios | Characteristics |
|---|---|---|---|
| MD5 | 32 bits | File verification, non-secure signatures | Fast, but not secure |
| SHA1 | 40 bits | Compatibility with old systems | Deprecated |
| SHA256 | 64 bits | Interface signing, password hashing | High security, moderate speed |
| SHA512 | 128 bits | High security requirements | Highest security, longest hash value |
Example code:
import hashlib
data = "Hello, hashlib!".encode('utf-8')
print("MD5:", hashlib.md5(data).hexdigest())
print("SHA1:", hashlib.sha1(data).hexdigest())
print("SHA256:", hashlib.sha256(data).hexdigest())
print("SHA512:", hashlib.sha512(data).hexdigest())
🎯 High-Frequency Practical Scenarios
1️⃣ File Integrity Verification
Used to verify whether a file has been tampered with during download or transmission:
import hashlib
def calc_file_hash(filepath, algo="sha256", chunk_size=8192):
"""Calculate file hash value"""
h = getattr(hashlib, algo)()
with open(filepath, 'rb') as f:
while chunk := f.read(chunk_size):
h.update(chunk)
return h.hexdigest()
# Example
file_path = "demo.zip"
print("File SHA256:", calc_file_hash(file_path))
Output example:
文件SHA256: 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
2️⃣ Interface Signature Verification
Simulating the signing process when calling an API interface:
import hashlib
import hmac
secret_key = "my_secret_key"
payload = "order_id=1001&price=50"
# Generate signature using HMAC-SHA256
signature = hmac.new(
secret_key.encode('utf-8'),
payload.encode('utf-8'),
hashlib.sha256
).hexdigest()
print("Request parameters:", payload)
print("Signature result:", signature)
Output example:
请求参数: order_id=1001&price=50
签名结果: 845f65f3b147a20db5a7b68f7f83f6a8b6eb58c2d06efb80d4a6120b10300dbb
3️⃣ Password Hash Storage
When storing user passwords, do not save plaintext passwords, but store the hash instead:
import hashlib
def hash_password(password):
"""Generate password hash"""
return hashlib.sha256(password.encode('utf-8')).hexdigest()
def verify_password(input_password, stored_hash):
"""Verify if the input password is correct"""
return hash_password(input_password) == stored_hash
# Example
stored = hash_password("my_password")
print("Stored hash:", stored)
print("Verify input:", verify_password("my_password", stored))
4️⃣ Quick Content Fingerprinting
Used to determine if text content is consistent:
def content_fingerprint(content):
return hashlib.md5(content.encode('utf-8')).hexdigest()
data1 = "Python is awesome"
data2 = "Python is awesome"
data3 = "Python is not Java"
print(content_fingerprint(data1) == content_fingerprint(data2)) # True
print(content_fingerprint(data1) == content_fingerprint(data3)) # False
🧠 Advanced Techniques
1. Dynamic Algorithm Selection
<span>hashlib.algorithms_available</span><span> lists all supported algorithms:</span>
import hashlib
print("Supported algorithms:", hashlib.algorithms_available)
2. Incremental Update
Suitable for streaming calculations of large files:
import hashlib
h = hashlib.sha256()
with open("big_file.bin", "rb") as f:
for chunk in iter(lambda: f.read(4096), b""):
h.update(chunk)
print("Large file hash:", h.hexdigest())
3. Salted Storage
Increases difficulty of cracking:
import hashlib
def salted_hash(password, salt="mysalt"):
return hashlib.sha256((password + salt).encode('utf-8')).hexdigest()
print("Salted hash:", salted_hash("password123"))
❗ Common Pitfalls
| Issue | Description |
|---|---|
| Storing passwords in plaintext | Extremely insecure; should use hashing or professional algorithms like <span>bcrypt</span> |
| Using MD5/SHA1 for security scenarios | No longer secure; should use SHA256 or higher algorithms |
| Forgetting encoding | <span>hashlib</span>‘s <span>update</span> interface requires <span>bytes</span>; must first <span>.encode('utf-8')</span> |
🧰 Practical Recommendations
- Interface Security → Use
<span>HMAC-SHA256</span> - File Integrity → Use
<span>SHA256</span> - Password Storage → Salt + multiple hashes, or use professional algorithms like
<span>bcrypt</span> - Unique Content Identification → Use
<span>MD5</span>for quick fingerprint generation
📌 Summary
<span>hashlib</span> module advantages:
- Built-in, no need to install third-party libraries
- Supports various algorithms (MD5, SHA1, SHA256, SHA512…)
- Suitable for a wide range of needs from simple file verification to complex interface signing
Whether writing crawlers, interface scripts, or performing file verification and automated operations, mastering <span>hashlib</span> will make your data processing safer and more efficient!