Based on the other answers to this question, I've implemented a new approach using bcrypt.

If I understand correctly, the argument to use bcrypt over SHA512 is that bcrypt is designed to be slow. bcrypt also has an option to adjust how slow you want it to be when generating the hashed password for the first time:

```python
# The '12' is the number that dictates the 'slowness'
bcrypt.hashpw(password, bcrypt.gensalt(12))
```

Slow is desirable because if a malicious party gets their hands on the table containing hashed passwords, then it is much more difficult to brute force them.

Implementation

```python
import bcrypt


def get_hashed_password(plain_text_password):
    # Hash a password for the first time
    # (Using bcrypt, the salt is saved into the hash itself)
    return bcrypt.hashpw(plain_text_password, bcrypt.gensalt())


def check_password(plain_text_password, hashed_password):
    # Check a password against its stored hash.
    # Using bcrypt, the salt is saved into the hash itself
    return bcrypt.checkpw(plain_text_password, hashed_password)
```

I was able to install the library pretty easily in a Linux system using:

```
pip install py-bcrypt
```

However, I had more trouble installing it on my Windows systems. See this Stack Overflow question: py-bcrypt installing on win 7 64bit python

The library suggested in this answer is now outdated, and the hashlib key derivation functionality mentioned in this answer: is a good suggestion to use nowadays.

The smart thing is not to write the crypto yourself but to use something like passlib: It is easy to mess up writing your crypto code in a secure way. The nasty thing is that with non-crypto code you often immediately notice it when it is not working, since your program crashes. While with crypto code you often only find out after it is too late and your data has been compromised.