The issue I am having with bcrypt is that the module can't be imported into the Pythonista app on iOS, which is where I need to run my script. What else would you recommend similar to bcrypt that can generate a random salt, and has something like the checkpw() function built-in to quickly validate salted passwords?
What hashing algorithms would you recommend I use in Python3 that can generate a random salt, other than bcrypt?
139 views Asked by marti At
1
There are 1 answers
Related Questions in PYTHON-3.X
- SQLAlchemy 2 Can't add additional column when specifying __table__
- Writes to child subprocess.Popen.stdin don't work from within process group?
- Platform Generation for a Sky Hop clone
- What's the best way to breakup a large test in pytest
- chess endgame engine in Python doesn't work perfectly
- Function to create matrix of zeros and ones, with a certain density of ones
- how to create a polars dataframe giving the colum-names from a list
- Django socketio process
- How to decode audio stream using tornado websocket?
- Getting website metadata (Excel VBA/Python)
- How to get text and other elements to display over the Video in Tkinter?
- Tkinter App - My Toplevel window is not appearing. App is stuck in mainloop
- Can I use local resources for mp4 playback?
- How to pass the value of a function of one class to a function of another with the @property decorator
- Python ModuleNotFoundError for command line tools built with setup.py
Related Questions in HASH
- How can py tuple implicit cast to int?
- How to properly set hashes in script-src CSP policy header?
- Algorithm for finding the largest common substring for n strings using Rabin-Karp function
- Lua: is there a need to use hash of string as a key in lua tables
- When the key values are the same, the memory limit is exceeded when making a hash join
- Short for creating an array of hashes in powershell malfunction?
- LC347: Top K Frequent Elements; final result returns an extra element in list/array
- Hashing vertices of a Graph in C
- Is there a limit on the message size for SHA3?
- When hashing an API key, should I hash the suffix / prefix as well?
- Cmake error : Configuring incomplete, errors occurred
- murmur3 hashing function in postgres
- Hashing the password if it is not hashed in django
- Order of a set in Python
- Comparing the hash of a file, containing a list of hashes of multiple files instead of each file, is it good?
Related Questions in PASSWORDS
- Forgotten RAR password recovery
- I'm unable to access 'https://github.com/Danniecodjoe/alx-system_engineering-devops.git/':
- How to get new text input after entering a password in a tab?
- invalid application password of gmail
- Auto-complete doesn't work on Chrome or Edge
- Decrypting Magento 2 customer passwords using email for migration to Shopify
- In two subversion repositories (same machine), can I have different usernames with no password prompting?
- Store website username/password on Elinks for Ubuntu
- Sending Password to a PHP Script
- "error": "The public key is required. Visit https://dashboard.emailjs.com/admin/account"
- im stuck trying to guess a password to a server im accessing through netcat for a ctf
- Hashcat / John the Ripper - find password when you know most of password but don't remember the sequence
- Hashing the password if it is not hashed in django
- How do I change I change my redis docker containers password?
- How to detect password protected file in Angular 14+ without using Promise calls
Related Questions in PYTHONISTA
- How to install pydantic_core in Pythonista?
- Why do I have to enter each row when I use pythonista, unlike vscode?
- how to simulate user's touch on IOS using pythonista
- Pythonista, loaded images are completely blue
- Pythonista 3 cannot recognize line breaks
- Using Flet in Pythonista on iOS
- No metadata error on Pythonista, how can I solve it?
- Can we use sql database on pythonista or replit on ipad9?
- How to do this exercise using ios pythonista 3?
- Why is it that I am able to print out a good amount of lines until I reach a certain point. Once that point is reached I get an error
- How to make pygame on Apple ipad ( ios 15 )
- What is the property use of Node.remove_action in Pythonista?
- Can I transform MIDI to WAV without a library?
- How do I fix this IndexError:List out of range
- Using speedtest or speedtest-cli on Pythonista
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
If pbkdf2 is natively available, I'd use that before trying to roll your own bcrypt. When its work factors are sufficiently large, it's still a solid choice when bcrypt or scrypt aren't available, and using it directly is safer than trying to recreate something else by hand.
Not knowing more about your use case, a general recommendation: use pbkdf2 with a sufficiently large number of rounds to take about a half-second's worth of the upper end of the processor throughput of your target devices. This keeps the UX within tolerable wait times while still providing reasonable resistance to offline attack.
I'd also recommend randomizing that number of rounds slightly over a range (like a thousand). For example, if you settled on 200,000 as having an acceptable 500ms delay, I'd randomly pick a value between 200,000 to 202,000 (or something like that) - whatever is needed to ensure that most users will have different rounds from each other (assuming that all user passwords might be aggregated into a single location that could be compromised and the hashes stolen). This is because some of the newer "associative" / "correlation" attacks only work well against a large set of hashes when all of the cost factors across that set of hashes are the same.
Long term, also be sure that your code easily accepts a variable floor and ceiling for the number of rounds, so you can choose to increase your number of rounds over time as processors advance. (You could even get fancy and dynamically calculate the range of rounds based on the processor that the password is being created on, so that it's future ready without any additional intervention.)