* The **output model** should not have a password.
* The **database model** would probably need to have a hashed password.

/// danger

Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

If you don't know, you will learn what a "password hash" is in the [security chapters](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.

///

SignPKCS1v15 calculates an RSASSA-PKCS1-v1.5 signature. // // hash is the name of the hash function as returned by [crypto.Hash.String] // or the empty string to indicate that the message is signed directly. func SignPKCS1v15(priv *PrivateKey, hash string, hashed []byte) ([]byte, error) { fipsSelfTest() fips140.RecordApproved() checkApprovedHashNam(hash) return signPKCS1v15(priv, hash, hashed) } func signPKCS1v15(priv *PrivateKey, hash string, hashed []byte) ([]byte, error) { em, err := pkcs1v15ConstructEM(&priv.pub,...

///

## Die Passwörter hashen und überprüfen { #hash-and-verify-the-passwords }

Importieren Sie die benötigten Tools aus `pwdlib`.

Erstellen Sie eine PasswordHash-Instanz mit empfohlenen Einstellungen – sie wird für das Hashen und Verifizieren von Passwörtern verwendet.

/// tip | Tipp

        int key2 = key1 ^ (1 << i);
        // get hashes
        int hash1 = function.hashInt(key1).asInt();
        int hash2 = function.hashInt(key2).asInt();
        // test whether the hash values have same output bits
        same |= ~(hash1 ^ hash2);
        // test whether the hash values have different output bits
        diff |= hash1 ^ hash2;

        count++;

        int key2 = key1 ^ (1 << i);
        // get hashes
        int hash1 = function.hashInt(key1).asInt();
        int hash2 = function.hashInt(key2).asInt();
        // test whether the hash values have same output bits
        same |= ~(hash1 ^ hash2);
        // test whether the hash values have different output bits
        diff |= hash1 ^ hash2;

        count++;

    }

    @Override
    public Hasher putByte(byte b) {
      ensureCapacity(Byte.BYTES);
      buffer.put(b);
      return this;
    }

    @Override
    public Hasher putBytes(byte[] bytes, int off, int len) {
      ensureCapacity(len);
      buffer.put(bytes, off, len);
      return this;
    }

    @Override
    public Hasher putBytes(ByteBuffer bytes) {

      // We need to ensure that at least 4 bytes have been put into the hasher or else
      // Hasher#hash will throw an ISE.
      int intToPut = random.nextInt();
      for (Hasher hasher : sinksAndControl) {
        hasher.putInt(intToPut);
      }
      for (Sink sink : sinks) {
        HashCode unused = sink.hash();
      }

      byte[] expected = controlSink.hash().asBytes();
      for (Sink sink : sinks) {

@command(b'goreposum', [], _('url'), norepo=True)
def goreposum(ui, url):
  """
  goreposum computes a checksum of all the named state in the remote repo.
  It hashes together all the branch names and hashes
  and then all the bookmark names and hashes.
  Tags are stored in .hgtags files in any of the branches,
  so the branch metadata includes the tags as well.
  """
  h = hashlib.sha256()
  peer = hg.peer(ui, {}, url)

Por ejemplo, podrías usarlo para leer y verificar contraseñas generadas por otro sistema (como Django) pero hacer hash de cualquier contraseña nueva con un algoritmo diferente como Argon2 o Bcrypt.

Y ser compatible con todos ellos al mismo tiempo.

///

Crea una función de utilidad para hacer el hash de una contraseña que venga del usuario.

        // Verify each method exists
        boolean hasGet = false, hasPost = false, hasPut = false, hasDelete = false;
        boolean hasHead = false, hasOptions = false, hasTrace = false, hasConnect = false;

        for (final Method method : methods) {
            switch (method) {
            case GET:
                hasGet = true;
                break;
            case POST: