all InfoSec news
To my AppSec people, is bcrypt still safe for Python for password management?
Oct. 15, 2023, 6:06 p.m. | /u/sma92878
cybersecurity www.reddit.com
I'm working on a personal application and I've been leveraging bcrypt for password hashing.
I'm using the bcrypt.hashpw and bcrypt.checkpw functions. I was also reading there some attacks with very long passwords so I'm first encoding and then hashing the passwords before I run them through bcrypt.
for hashing the password
bcrypt.hashpw(base64.b64encode(hashlib.sha256(password.encode('utf-8')).digest()), bcrypt.gensalt(14))
for decrypting the password
bcrypt.checkpw(base64.b64encode(hashlib.sha256(password.encode('utf-8')).digest()), hash)
Everything is functioning and working smoothly, I know these libraries change pretty frequently. I'm using SQLAlchemy …
application appsec attacks bcrypt cybersecurity encoding functions hashing hello management password password management passwords people personal python run safe working
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Security Analyst
@ Northwestern Memorial Healthcare | Chicago, IL, United States
GRC Analyst
@ Richemont | Shelton, CT, US
Security Specialist
@ Peraton | Government Site, MD, United States
Information Assurance Security Specialist (IASS)
@ OBXtek Inc. | United States
Cyber Security Technology Analyst
@ Airbus | Bengaluru (Airbus)
Vice President, Cyber Operations Engineer
@ BlackRock | LO9-London - Drapers Gardens