Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

use bcrypt to hash password (db filename) #13

posativ opened this Issue Jul 13, 2013 · 1 comment


None yet
1 participant

posativ commented Jul 13, 2013

Current way: SHA1 of some random but unique key + password. PBKDF2 is better suited for this.

salt = r'\x14Q\xd4JbDk\x1bN\x84J\xd0\x05\x8a\x1b\x8b\xa6&V\x1b\xc5\x91\x97\xc4'
return join(dir, (user + '.' + sha1(salt+passwd).hexdigest()[:16]))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment