Harshal Dhumal

Reputation: 1429

Need advice on password hashing algorithm for Flask security module

In one of my Flask projects I'm using the Flask-Security module for the security mechanism. In the module configuration I have 3 choices for the password hashing algorithm: bcrypt, sha512_crypt, pbkdf2_sha512.

Can anyone suggest which one to use and why?

Any help would be appreciated.

Upvotes: 1

Views: 242

Answers (1)

CodesInChaos

Reputation: 108840

All of these are acceptable choices. I prefer bcrypt, because it's GPU unfriendly, so an attacker won't have a big advantage when they use a GPU while your server uses a CPU to hash.

Make sure to choose a work factor that's as big as possible while offering acceptable performance. Should be somewhere between 10 and 100ms for typical web servers.

Upvotes: 5
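The work-factor advice in the answer above can be turned into a measurement. This is an added example, not code from the answer or from Flask-Security: it calibrates an iteration count for PBKDF2-HMAC-SHA512 (the `pbkdf2_sha512` option, chosen here because it is in Python's standard library) against a target time on the current host. The function names and the `iterations$salt$digest` storage string are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

def time_pbkdf2(iterations, repeats=3):
    """Best-of-N wall-clock seconds for one PBKDF2-HMAC-SHA512 derivation."""
    password, salt = b"constructed-sample-password", os.urandom(16)
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha512", password, salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best

def calibrate_iterations(target_ms=50.0, start=10_000, timer=time_pbkdf2):
    """Pick an iteration count that costs about target_ms on this machine."""
    iterations = start
    elapsed_ms = timer(iterations) * 1000
    # Double until the measurement is long enough to extrapolate from.
    while elapsed_ms < target_ms / 2:
        iterations *= 2
        elapsed_ms = timer(iterations) * 1000
    # PBKDF2 cost is linear in the iteration count, so scale proportionally.
    return max(start, round(iterations * target_ms / elapsed_ms))

def hash_password(password, iterations):
    """Return 'iterations$salt_hex$digest_hex' so the cost travels with the hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored cost and salt; compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

if __name__ == "__main__":
    cost = calibrate_iterations(target_ms=50.0)
    print(f"iterations for ~50 ms on this host: {cost}")
    print(verify_password("s3cret", hash_password("s3cret", cost)))
```

Run the calibration on the production hardware class, since the result depends on the CPU; keeping the cost inside each stored hash lets it be raised later without invalidating existing hashes.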
