Have I Hashed and Salted Correctly?


I am new to this, and I want to know if I've coded this correctly.

If so, how would I then go about storing the hashed password on a database?

import hashlib
import os

password = input("Create Password: ")

def hash_new_password(password):
    # Derive a key with PBKDF2-HMAC over a fresh 16-byte random salt, 100000 iterations.
    derived = hashlib.pbkdf2_hmac('blake2b', password.encode('utf-8'), salt=os.urandom(16), iterations=100000)
    # Return the derived key as a hex string.
    return derived.hex()

hashed = hash_new_password(password)

print(hashed)

Answer by arrmansa

No, for cryptography you should be using secrets and not os.urandom: https://docs.python.org/3/library/secrets.html.

And for the hash_new_password function, shouldn't you also return the salt so it can be stored so you can compare equality later?

Also, obligatory "don't roll your own crypto".
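Putting the answer's point about the salt together with the asker's question about storage, here is an added example that is not part of the asker's code or of the answer. It derives the key with PBKDF2-HMAC-SHA256, packs the algorithm, iteration count, salt and hash into one string so the salt travels with the hash, stores that record in a SQLite table, and on login recomputes the hash with the stored salt and compares it with hmac.compare_digest. The hash name, iteration count, salt length, record layout and table schema are choices made for this example, not anything the page prescribes.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Parameters chosen for this example (assumptions, not from the original post).
ALGORITHM = "sha256"
ITERATIONS = 300_000
SALT_BYTES = 16


def hash_new_password(password: str) -> str:
    """Return a self-describing record: pbkdf2_<alg>$<iterations>$<salt_hex>$<hash_hex>.

    A fresh salt is generated per password and kept inside the record, because
    verification has to recompute PBKDF2 with exactly the same salt.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored record and compare in constant time."""
    try:
        scheme, iterations_text, salt_hex, hash_hex = record.split("$")
        algorithm = scheme[len("pbkdf2_"):]
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        iterations = int(iterations_text)
    except ValueError:
        return False  # malformed record: never treat it as a match
    candidate = hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"), salt, iterations)
    # compare_digest does not stop at the first differing byte, so timing does
    # not reveal how much of the hash matched.
    return hmac.compare_digest(candidate, expected)


def create_user_table(conn: sqlite3.Connection) -> None:
    # Only the record goes into the database; the plaintext password is never stored.
    conn.execute(
        "CREATE TABLE IF NOT EXISTS users ("
        "username TEXT PRIMARY KEY, password_record TEXT NOT NULL)"
    )


def register(conn: sqlite3.Connection, username: str, password: str) -> None:
    conn.execute(
        "INSERT INTO users (username, password_record) VALUES (?, ?)",
        (username, hash_new_password(password)),
    )


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute(
        "SELECT password_record FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Do the same amount of work for an unknown user so that response time
        # does not reveal which usernames exist.
        hash_new_password(password)
        return False
    return verify_password(password, row[0])


def demo() -> bool:
    """Register one constructed user and exercise the success and failure paths."""
    conn = sqlite3.connect(":memory:")
    create_user_table(conn)
    register(conn, "alice", "correct horse battery staple")
    accepted = login(conn, "alice", "correct horse battery staple")
    wrong_password = login(conn, "alice", "wrong")
    unknown_user = login(conn, "bob", "anything")
    return accepted and not wrong_password and not unknown_user


if __name__ == "__main__":
    print(demo())
```

Because the record carries its own algorithm and iteration count, the count can be raised later and old records still verify; a login that succeeds against a record with a lower count than ITERATIONS is the natural moment to rehash and overwrite it.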