python - Limit same password in password change

Question

I’m building a gui on python with tkinter, i’ve made a login, register and change password screens, hosting the data on mysql, i want to make an option that if user already choose password “x” for example, he will be able to repeat the password only 1 more time, after that it will not give him an option to choose and repeat the same password on the change password screen, any clue how to do it?

question from:https://stackoverflow.com/questions/65649344/limit-same-password-in-password-change

Answer 1

Keep track of your user's salt+hash combinations in another table and compute their new hash using old salts to make sure they've never tried to use it before.

An example...

Let's say your user's password history is in a list of dicts:

password_history = [
  {
    "salt": "89!$@sg",
    "hash": "asdfjhlaksjdhflkjahsdlkfjh",
  },
]

def has_used_password(password_history, new_password):
  hashes = set(h["hash"] for h in password_history)

  count = 0
  for entry in password_history:
    hash_with_old_salt = hash_password(new_password, entry["salt"])
    if hash_with_old_salt in hashes :
      count += 1
  return count