slight enhancement to password hash security hope it helps

by: kingfitz, 8 years ago


hey bro, been a while.

just wanted to let you know of a slight improvement for password hashing.  people recommended bcrypt to me, and recently argon2 was implemented in passlib 1.7.  argon2 may replace the bcrypt, scrypt, and pbkdf2_sha256 algorithms for secure password hashing.

https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html

all i did was change the import to argon2 and change the lines in your flask register login system to match it, and argon2 needs a backend so:

pip3 install argon2_cffi


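from passlib.hash import argon2

# register view: hash the submitted password before storing it
password = argon2.using(rounds=8).hash(str(form.password.data))

# login view: data is the stored hash for this user
if argon2.verify(request.form['password'], data):
    ...  # rest of the login logic as before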


also here's a cool pip line i found that upgrades all your used packages in one command (recommend with venv usage)

pip3 freeze --local | grep -v '^-e' | cut -d = -f 1  | xargs -n1 pip3 install -U


cheers man, just thought I'd share a couple snippets.  looking forward to intermediate series.  maybe you can cover some encryption techniques with python, and I'm interested in a socket.io simple webchat function for my web app, maybe even using the current flask register / login system.  would be a great tool to know, socket.IO.  for live chat support for users, would be cool :)
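
Added example, not part of the original post and not passlib code: if an app hashed passwords with another scheme before a switch like the one above, those stored hashes stay in the old format until each user logs in again and is rehashed. This standard-library code classifies a stored hash string by its prefix and argon2 cost parameters; the policy floors, function names and sample hashes are constructed assumptions.

```python
import re

# Assumed policy floors for this example; time_cost=8 mirrors rounds=8 in the post.
FLOORS = {"version": 19, "time_cost": 8, "memory_kib": 65536}

# Modular-crypt prefixes of the other schemes named in the post.
LEGACY_PREFIXES = {
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$scrypt$": "scrypt", "$pbkdf2-sha256$": "pbkdf2_sha256",
}

# $argon2<type>$[v=<ver>$]m=<KiB>,t=<passes>,p=<lanes>$<salt>$<digest>
ARGON2_RE = re.compile(
    r"^\$(argon2(?:id|i|d))\$(?:v=(\d+)\$)?m=(\d+),t=(\d+),p=(\d+)"
    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$"
)

def parse_argon2(stored):
    """Return the cost parameters of an argon2 hash string, or None."""
    m = ARGON2_RE.match(stored)
    if m is None:
        return None
    kind, ver, mem, t, p = m.group(1, 2, 3, 4, 5)
    return {"type": kind, "version": int(ver) if ver else 16,  # no v= means 0x10
            "memory_kib": int(mem), "time_cost": int(t), "parallelism": int(p)}

def rehash_reason(stored):
    """Return None when the hash meets policy, else why it should be rehashed."""
    for prefix, scheme in LEGACY_PREFIXES.items():
        if stored.startswith(prefix):
            return "legacy scheme: " + scheme
    params = parse_argon2(stored)
    if params is None:
        return "unrecognized format"
    for field, floor in FLOORS.items():
        if params[field] < floor:
            return field + " below policy"
    return None

# Constructed sample rows: salts and digests are placeholders, not real hashes.
SAMPLES = {
    "alice": "$argon2i$v=19$m=65536,t=8,p=2$c2FsdHNhbHRzYWx0$ZGlnZXN0ZGlnZXN0",
    "bob": "$argon2i$v=19$m=65536,t=2,p=2$c2FsdHNhbHRzYWx0$ZGlnZXN0ZGlnZXN0",
    "carol": "$2b$12$" + "x" * 53,
}

if __name__ == "__main__":
    for user, stored in SAMPLES.items():
        print(user, rehash_reason(stored) or "ok")
```

In a real login view the rehash would happen only after the submitted password verifies against the old hash; passlib's CryptContext offers verify_and_update() for that flow.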






Thank you very much for sharing. I haven't even heard of argon, but I know bcrypt has been the main choice for a while. I'm not very knowledgeable on encryption. I know the basics, but, beyond that, I'm pretty useless. You probably know as much as, or more than, me, I just try to keep up with industry standards over time.

As for sockets, I've thought about doing it for webchats, but I haven't really gotten around to looking much into it. I'd like to at least poke around sockets a bit just in the context of the intermediate series, but I am not sure if I'll tie them into flask/django.

If you come up with something, I'd love to see it :)

-Harrison 8 years ago
