Daily Python Module: hashlib

In data processing, interface security, and file integrity verification, “hashing” is an essential technology. The built-in hashlib module in Python allows us to perform various hashing algorithms for encryption and verification without the need for third-party libraries.

Today, we will delve into the core usage and high-frequency practical applications of <span>hashlib</span>!

🧩 Why Learn <span>hashlib</span>

Common scenarios:

  • Password encryption storage: Hashing plaintext passwords to avoid leakage risks
  • Interface signing: Generating request signatures to verify legitimacy
  • File integrity verification: Preventing tampering during transmission
  • Digital fingerprinting: Quickly identifying unique content

🚀 Quick Start

import hashlib

# Text content
text = "Python-Hashlib-Demo"

# Generate MD5 hash
md5_hash = hashlib.md5(text.encode('utf-8')).hexdigest()

print("Original string:", text)
print("MD5 hash value:", md5_hash)

Output example:

原始字符串: Python-Hashlib-Demo
MD5 哈希值: 8b3f8c4c88525a3a55f6f8f05ffda0a2

🛠 Comparison of Common Hash Algorithms

Algorithm Length Common Scenarios Characteristics
MD5 32 bits File verification, non-secure signatures Fast, but not secure
SHA1 40 bits Compatibility with old systems Deprecated
SHA256 64 bits Interface signing, password hashing High security, moderate speed
SHA512 128 bits High security requirements Highest security, longest hash value

Example code:

import hashlib

data = "Hello, hashlib!".encode('utf-8')

print("MD5:", hashlib.md5(data).hexdigest())
print("SHA1:", hashlib.sha1(data).hexdigest())
print("SHA256:", hashlib.sha256(data).hexdigest())
print("SHA512:", hashlib.sha512(data).hexdigest())

🎯 High-Frequency Practical Scenarios

1️⃣ File Integrity Verification

Used to verify whether a file has been tampered with during download or transmission:

import hashlib

def calc_file_hash(filepath, algo="sha256", chunk_size=8192):
    """Calculate file hash value"""
    h = getattr(hashlib, algo)()
    with open(filepath, 'rb') as f:
        while chunk := f.read(chunk_size):
            h.update(chunk)
    return h.hexdigest()

# Example
file_path = "demo.zip"
print("File SHA256:", calc_file_hash(file_path))

Output example:

文件SHA256: 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

2️⃣ Interface Signature Verification

Simulating the signing process when calling an API interface:

import hashlib
import hmac

secret_key = "my_secret_key"
payload = "order_id=1001&amp;price=50"

# Generate signature using HMAC-SHA256
signature = hmac.new(
    secret_key.encode('utf-8'),
    payload.encode('utf-8'),
    hashlib.sha256
).hexdigest()

print("Request parameters:", payload)
print("Signature result:", signature)

Output example:

请求参数: order_id=1001&amp;price=50
签名结果: 845f65f3b147a20db5a7b68f7f83f6a8b6eb58c2d06efb80d4a6120b10300dbb

3️⃣ Password Hash Storage

When storing user passwords, do not save plaintext passwords, but store the hash instead:

import hashlib

def hash_password(password):
    """Generate password hash"""
    return hashlib.sha256(password.encode('utf-8')).hexdigest()

def verify_password(input_password, stored_hash):
    """Verify if the input password is correct"""
    return hash_password(input_password) == stored_hash

# Example
stored = hash_password("my_password")
print("Stored hash:", stored)
print("Verify input:", verify_password("my_password", stored))

4️⃣ Quick Content Fingerprinting

Used to determine if text content is consistent:

def content_fingerprint(content):
    return hashlib.md5(content.encode('utf-8')).hexdigest()

data1 = "Python is awesome"
data2 = "Python is awesome"
data3 = "Python is not Java"

print(content_fingerprint(data1) == content_fingerprint(data2))  # True
print(content_fingerprint(data1) == content_fingerprint(data3))  # False

🧠 Advanced Techniques

1. Dynamic Algorithm Selection

<span>hashlib.algorithms_available</span><span> lists all supported algorithms:</span>

import hashlib
print("Supported algorithms:", hashlib.algorithms_available)

2. Incremental Update

Suitable for streaming calculations of large files:

import hashlib

h = hashlib.sha256()
with open("big_file.bin", "rb") as f:
    for chunk in iter(lambda: f.read(4096), b""):
        h.update(chunk)
print("Large file hash:", h.hexdigest())

3. Salted Storage

Increases difficulty of cracking:

import hashlib

def salted_hash(password, salt="mysalt"):
    return hashlib.sha256((password + salt).encode('utf-8')).hexdigest()

print("Salted hash:", salted_hash("password123"))

❗ Common Pitfalls

Issue Description
Storing passwords in plaintext Extremely insecure; should use hashing or professional algorithms like <span>bcrypt</span>
Using MD5/SHA1 for security scenarios No longer secure; should use SHA256 or higher algorithms
Forgetting encoding <span>hashlib</span>‘s <span>update</span> interface requires <span>bytes</span>; must first <span>.encode('utf-8')</span>

🧰 Practical Recommendations

  • Interface Security → Use <span>HMAC-SHA256</span>
  • File Integrity → Use <span>SHA256</span>
  • Password Storage → Salt + multiple hashes, or use professional algorithms like <span>bcrypt</span>
  • Unique Content Identification → Use <span>MD5</span> for quick fingerprint generation

📌 Summary

<span>hashlib</span> module advantages:

  • Built-in, no need to install third-party libraries
  • Supports various algorithms (MD5, SHA1, SHA256, SHA512…)
  • Suitable for a wide range of needs from simple file verification to complex interface signing

Whether writing crawlers, interface scripts, or performing file verification and automated operations, mastering <span>hashlib</span> will make your data processing safer and more efficient!

Leave a Comment