This repository has been archived by the owner on Feb 22, 2024. It is now read-only.

SECURITY_PASSWORD_SALT when using bcrypt #470

Closed
genxstylez opened this issue Jan 19, 2016 · 3 comments
Comments

@genxstylez

As titled, I believe bcrypt generates its own salt every time the password is generated. I think it's better to detect if bcrypt is used, then there should not be a runtime error like the one below.

RuntimeError: The configuration value `SECURITY_PASSWORD_SALT` must not be None when the value of `SECURITY_PASSWORD_HASH` is set to "bcrypt"

related: #268

@DeimosA

DeimosA commented Feb 28, 2016

SECURITY_PASSWORD_SALT is used for "double salting" or "salting & peppering" (whatever you prefer). This is a common salt used in addition to the salt that bcrypt (or other algorithms) generate.
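
The layering described in this comment, as an added sketch that is not Flask-Security's own code: a site-wide secret keys an HMAC over the password, and the result goes into a slow hash that generates its own per-password salt. PBKDF2 from the standard library stands in for bcrypt so the block runs without third-party packages; `PEPPER`, `pre_hash`, `hash_password` and `verify_password` are hypothetical names.

```python
import base64
import hashlib
import hmac
import os

# Constructed value playing the role of SECURITY_PASSWORD_SALT: one secret
# for the whole site, kept in application config, not in the user table.
PEPPER = b"constructed-site-wide-secret"
ITERATIONS = 100_000


def pre_hash(password: str, pepper: bytes) -> bytes:
    """Key the password with the site-wide secret before the slow hash."""
    mac = hmac.new(pepper, password.encode("utf-8"), hashlib.sha512)
    return base64.b64encode(mac.digest())


def hash_password(password: str, pepper: bytes = PEPPER) -> str:
    """Return 'salt$hash'. The salt is random per call, as bcrypt's is."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pre_hash(password, pepper), salt, ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify_password(password: str, stored: str, pepper: bytes = PEPPER) -> bool:
    """Recompute with the stored per-password salt and the configured pepper."""
    salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", pre_hash(password, pepper), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    first = hash_password("correct horse")
    second = hash_password("correct horse")
    print("same password, different records:", first != second)
    print("verifies with configured pepper:", verify_password("correct horse", first))
    print("fails with another pepper:",
          not verify_password("correct horse", first, pepper=b"other"))
```

The stored record carries only the per-password salt; the site-wide value has to come from configuration at verification time, which is why the library refuses to run with it set to None.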

@mattupstate
Collaborator

Thanks @DeimosA for explaining this.

@jplatte

jplatte commented Jan 4, 2018

Why is this done though? A quick lookup of "double salting" turns up this SO question with only one answer implying that it is basically useless.
