Some questions about python hmac!

read the chapter hmac of teacher Liao"s hash algorithm, and I"m a little confused!
1. The article says that it is more difficult to crack by adding a password, but the password must be saved on the client or obtained on the server. Can"t I just splice the password according to the code?
2, exercise in the article, there is a code as follows. If the password key is randomly generated like this, then eventually I will log in next time. How does the client know the user"s login password

class User(object):
    def __init__(self, username, password):
        self.username = username
        self.key = "".join([chr(random.randint(48, 122)) for i in range(20)])
        self.password = hmac_md5(self.key, password)

I hope the boss can answer! "(" "") "

"
Mar.07,2021

look at the picture http://ww4.sinaimg.cn/large/0.


salt is only generated and saved to the database once when a new user is created. If you take a look at the contents of the database, you will know that
or general development will make a config.salt= "ajsda?sdf/vDSgvfd4"
and then call this constant every time. This salt cannot divulge

at will.
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b35f51-2bfcb.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b35f51-2bfcb.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?