Und mit allen gleichzeitig kompatibel sein.

///

Erstellen Sie eine Hilfsfunktion, um ein vom Benutzer stammendes Passwort zu hashen.

Und eine weitere, um zu überprüfen, ob ein empfangenes Passwort mit dem gespeicherten Hash übereinstimmt.

Und noch eine, um einen Benutzer zu authentifizieren und zurückzugeben.

                 * hashes and the other does then they will not be considered equal even
                 * though they may be.
                 */
            }
            return true;
        }
        return false;
    }

    /**
     * Check whether the password hashes are externally supplied.
     *
     * @return whether the hashes are externally supplied
     */

        }
    }

    /**
     * Hashes the specified text using the given algorithm and converts it to a string.
     *
     * @param algorithm
     *            The algorithm. Must not be {@literal null} or an empty string.
     * @param text
     *            The string to be hashed.
     * @return The hashed string.
     */

Siempre que pases exactamente el mismo contenido (exactamente la misma contraseña) obtienes exactamente el mismo galimatías.

Pero no puedes convertir del galimatías de nuevo a la contraseña.

### Por qué usar hashing de contraseñas

Si tu base de datos es robada, el ladrón no tendrá las contraseñas en texto claro de tus usuarios, solo los hashes.

     */

    public String link;
    /** Path relative to tree from which this referral was thrown */
    public String path; // Path relative to tree from which this referral was thrown
    /** Whether to resolve hashes in the path */
    public boolean resolveHashes;
    /** Expiration time for this referral entry */
    public long expiration;

    /** The next DFS referral in the chain */
    DfsReferral next;

Se o seu banco de dados for roubado, o invasor não terá as senhas em texto puro dos seus usuários, apenas os hashes.

Então, o invasor não poderá tentar usar essas senhas em outro sistema (como muitos usuários utilizam a mesma senha em vários lugares, isso seria perigoso).

## Instalar o `passlib`

O PassLib é uma excelente biblioteca Python para lidar com hashes de senhas.

Ele suporta muitos algoritmos de hashing seguros e utilitários para trabalhar com eles.

        int key2 = key1 ^ (1 << i);
        // get hashes
        int hash1 = function.hashInt(key1).asInt();
        int hash2 = function.hashInt(key2).asInt();
        // test whether the hash values have same output bits
        same |= ~(hash1 ^ hash2);
        // test whether the hash values have different output bits
        diff |= hash1 ^ hash2;

        count++;

import jcifs.smb1.smb1.SmbAuthException;
import jcifs.smb1.smb1.SmbSession;
import jcifs.smb1.util.Base64;
import jcifs.smb1.util.LogStream;

/**
 * This servlet Filter can be used to negotiate password hashes with
 * MSIE clients using NTLM SSP. This is similar to {@code Authentication:
 * BASIC} but weakly encrypted and without requiring the user to re-supply
 * authentication credentials.
 * <p>

import jcifs.ntlmssp.Type3Message;
import jcifs.smb.NtlmPasswordAuthentication;

/**
 * This class is used internally by {@code NtlmHttpFilter},
 * {@code NtlmServlet}, and {@code NetworkExplorer} to negotiate password
 * hashes via NTLM SSP with MSIE. It might also be used directly by servlet
 * containers to incorporate similar functionality.
 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is