To my AppSec people, is bcrypt still safe for Python for password management?

Hello all,

I'm working on a personal application and I've been leveraging bcrypt for password hashing.

​

I'm using the bcrypt.hashpw and bcrypt.checkpw functions. I was also reading there some attacks with very long passwords so I'm first encoding and then hashing the passwords before I run them through bcrypt.

​

for hashing the password

bcrypt.hashpw(base64.b64encode(hashlib.sha256(password.encode('utf-8')).digest()), bcrypt.gensalt(14))

​

for decrypting the password

bcrypt.checkpw(base64.b64encode(hashlib.sha256(password.encode('utf-8')).digest()), hash)

Everything is functioning and working smoothly, I know these libraries change pretty frequently. I'm using SQLAlchemy …

application appsec attacks bcrypt cybersecurity encoding functions hashing hello management password password management passwords people personal python run safe working