This repository has been archived by the owner on Feb 22, 2024. It is now read-only.

Should salt be randomly generated every time instead of hardcoded in the config file? #268

Closed
wangluyi1982 opened this issue Jun 25, 2014 · 1 comment

Comments

@wangluyi1982

@mattupstate, salt is currently defined in the Flask app config, which is used for all the user encryption. Is this behavior expected? Salt should be randomly generated. According to https://crackstation.net/hashing-security.htm, a short or hardcoded salt is not recommended. Is there any defined feature for this?

@mattupstate
Collaborator

@wangluyi1982 passlib automatically generates a unique salt per password. The "salt" in this case is used when the password is HMACed. This is similar to how the itsdangerous library uses the term "salt", described here.
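
The two-step scheme described in the reply above, as an added sketch that is not Flask-Security's or passlib's own code: the app-wide config value keys an HMAC of the password, and the result is then hashed with a fresh random salt per password. PBKDF2 from the Python standard library stands in for passlib here; the function names, the sample secret, SHA-512 and the iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample value standing in for the app-wide config "salt".
APP_SALT = b"constructed-app-wide-secret"
ITERATIONS = 100_000  # assumed work factor for this sketch


def keyed_digest(password: str, app_salt: bytes = APP_SALT) -> bytes:
    """Step 1: HMAC the password with the app-wide value (same for every user)."""
    mac = hmac.new(app_salt, password.encode("utf-8"), hashlib.sha512)
    return base64.b64encode(mac.digest())


def hash_password(password: str, app_salt: bytes = APP_SALT) -> str:
    """Step 2: hash the keyed digest with a fresh random per-password salt."""
    salt = os.urandom(16)  # unique per stored hash, kept alongside it
    dk = hashlib.pbkdf2_hmac("sha512", keyed_digest(password, app_salt),
                             salt, ITERATIONS)
    return "$".join([
        "pbkdf2-sha512", str(ITERATIONS),
        base64.b64encode(salt).decode(), base64.b64encode(dk).decode(),
    ])


def verify_password(password: str, stored: str,
                    app_salt: bytes = APP_SALT) -> bool:
    """Recompute both steps using the salt embedded in the stored string."""
    _scheme, iters, salt_b64, dk_b64 = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha512", keyed_digest(password, app_salt),
                             base64.b64decode(salt_b64), int(iters))
    return hmac.compare_digest(dk, base64.b64decode(dk_b64))


if __name__ == "__main__":
    first = hash_password("correct horse")
    second = hash_password("correct horse")
    print(first != second)                          # per-password salts differ
    print(verify_password("correct horse", first))  # app-wide value matches
```

The stored string differs on every call even for the same password, while the config value stays constant and acts as a secret key: a hash database copied without it cannot be verified against guesses.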

galeo pushed a commit to galeo/flask-security-outdated that referenced this issue Mar 4, 2020
Co-authored-by: Chris Wagner <jwag.wagner@gmail.com>