diff options
| author | Frederick Muriuki Muriithi | 2023-03-08 11:18:35 +0300 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2023-03-08 11:18:35 +0300 |
| commit | 5a8cc0d7fc241494580cd4a060690eaf09ff46d7 (patch) | |
| tree | eb9a9fa88027f28d2ec1421f0080e4260ecfe12d /main.py | |
| parent | 8621b737b01be5a6f238725c65771dea1410f0bb (diff) | |
| download | genenetwork3-5a8cc0d7fc241494580cd4a060690eaf09ff46d7.tar.gz | |
Replace Bcrypt with Argon2 for better security.
Bcrypt is now somewhat vulnerable to offline cracking, so we move our password hashing over to Argon2.
Diffstat (limited to 'main.py')
| -rw-r--r-- | main.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/main.py b/main.py index 6dadac2..49e5d55 100644 --- a/main.py +++ b/main.py @@ -7,7 +7,7 @@ from datetime import datetime import click -import bcrypt +from argon2 import PasswordHasher from yoyo import get_backend, read_migrations from gn3 import migrations @@ -37,7 +37,7 @@ def __init_dev_users__(): "password": "testpasswd"},) def __hash_passwd__(passwd): - return bcrypt.hashpw(passwd.encode("utf8"), bcrypt.gensalt()) + return PasswordHasher().hash(passwd) with db.connection(app.config["AUTH_DB"]) as conn, db.cursor(conn) as cursor: cursor.executemany(dev_users_query, dev_users) |