Replace Bcrypt with Argon2 for better security.

Bcrypt is now somewhat vulnerable to offline cracking, so we move our password hashing over to Argon2.
author: Frederick Muriuki Muriithi 2023-03-08 11:18:35 +0300
committer: Frederick Muriuki Muriithi 2023-03-08 11:18:35 +0300
commit: 5a8cc0d7fc241494580cd4a060690eaf09ff46d7 (patch)
tree: eb9a9fa88027f28d2ec1421f0080e4260ecfe12d /main.py
parent: 8621b737b01be5a6f238725c65771dea1410f0bb (diff)
download: genenetwork3-5a8cc0d7fc241494580cd4a060690eaf09ff46d7.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/main.py b/main.py
index 6dadac2..49e5d55 100644
--- a/main.py
+++ b/main.py
@@ -7,7 +7,7 @@ from datetime import datetime
 
 
 import click
-import bcrypt
+from argon2 import PasswordHasher
 from yoyo import get_backend, read_migrations
 
 from gn3 import migrations
@@ -37,7 +37,7 @@ def __init_dev_users__():
         "password": "testpasswd"},)
 
     def __hash_passwd__(passwd):
-        return bcrypt.hashpw(passwd.encode("utf8"), bcrypt.gensalt())
+        return PasswordHasher().hash(passwd)
 
     with db.connection(app.config["AUTH_DB"]) as conn, db.cursor(conn) as cursor:
         cursor.executemany(dev_users_query, dev_users)
author	Frederick Muriuki Muriithi	2023-03-08 11:18:35 +0300
committer	Frederick Muriuki Muriithi	2023-03-08 11:18:35 +0300
commit	5a8cc0d7fc241494580cd4a060690eaf09ff46d7 (patch)
tree	eb9a9fa88027f28d2ec1421f0080e4260ecfe12d /main.py
parent	8621b737b01be5a6f238725c65771dea1410f0bb (diff)
download	genenetwork3-5a8cc0d7fc241494580cd4a060690eaf09ff46d7.tar.gz