You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 22, 2024. It is now read-only.
@mattupstate , salt is currently defined in the flask app config, which is used for all then user encryption. Is this behavior expected? salt should be random generated. According to https://crackstation.net/hashing-security.htm, a short or hardcoded salt is not recommended. Is there any defined feature for this?
The text was updated successfully, but these errors were encountered:
@wangluyi1982 passlib automatically generates a unique salt per password. The "salt" in this case is used when the password is HMACed. This is similar to how the itsdangerous library uses the term "salt", described here.
@mattupstate , salt is currently defined in the flask app config, which is used for all then user encryption. Is this behavior expected? salt should be random generated. According to https://crackstation.net/hashing-security.htm, a short or hardcoded salt is not recommended. Is there any defined feature for this?
The text was updated successfully, but these errors were encountered: