
Monday, September 21, 2015

masklinn comments on "Enough with the Salts: Updates on Secure Password Schemes"

By masklinn

> The library can’t be updated automatically


Why not?


> because suddenly all your stored passwords wouldn’t work.


Passlib handles that with a concept of “deprecated algorithms”[0]: a cryptcontext has a list of algorithms it can accept as inputs to validate against, and a subset of these can be marked as deprecated. The passwords hashed with deprecated algorithms will validate but they’ll be flagged as needing an upgrade. The `verify_and_update` method will return both the validity of the password and a new hash if it should be upgraded, so the normal pattern is:


    from passlib.context import CryptContext

    # context accepting both schemes; hashes still using sha256_crypt are flagged for upgrade
    pass_ctx = CryptContext(schemes=["pbkdf2_sha256", "sha256_crypt"],
                            deprecated=["sha256_crypt"])

    valid, new_hash = pass_ctx.verify_and_update(password, old_hash)
    if valid:
        if new_hash:
            pass  # store new hash for user
        # password was valid
    else:
        pass  # password wasn't valid

[0] http://pythonhosted.org/passlib/lib/passlib.context-tutorial…


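The deprecated-scheme upgrade pattern described in the comment, as an added stand-alone example (not passlib's code and not from the original post): a small stdlib-only model of a crypt context with a registry of schemes, one of them deprecated, whose verify step returns a replacement hash so the stored value can be rotated transparently on the next successful login. The scheme names, the `$scheme$salt$digest` storage format and the user store are constructed for this example.

```python
import base64
import hashlib
import hmac
import os

# Constructed scheme registry: name -> (PBKDF2 PRF, iteration count).
# The weak scheme stays accepted so old hashes still verify, but it is
# marked deprecated so verification also hands back a stronger hash.
SCHEMES = {
    "pbkdf2_sha1_1k": ("sha1", 1_000),
    "pbkdf2_sha256_100k": ("sha256", 100_000),
}
DEFAULT_SCHEME = "pbkdf2_sha256_100k"
DEPRECATED = {"pbkdf2_sha1_1k"}


def _digest(scheme, password, salt):
    prf, rounds = SCHEMES[scheme]
    return hashlib.pbkdf2_hmac(prf, password.encode("utf-8"), salt, rounds)


def hash_password(password, scheme=DEFAULT_SCHEME):
    """Return a self-describing hash string: $scheme$salt_b64$digest_b64."""
    salt = os.urandom(16)
    digest = _digest(scheme, password, salt)
    return "$%s$%s$%s" % (scheme, base64.b64encode(salt).decode(),
                          base64.b64encode(digest).decode())


def verify_and_update(password, stored):
    """Return (valid, new_hash); new_hash is only set for deprecated schemes."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "" or parts[1] not in SCHEMES:
        return False, None  # malformed or unknown scheme: never accept
    scheme, salt, expected = parts[1], base64.b64decode(parts[2]), base64.b64decode(parts[3])
    if not hmac.compare_digest(_digest(scheme, password, salt), expected):
        return False, None
    if scheme in DEPRECATED:
        return True, hash_password(password)  # valid, but re-hash with the default scheme
    return True, None


def login(store, user, password):
    """Verify a user and rotate their stored hash if it used a deprecated scheme."""
    if user not in store:
        return False
    valid, new_hash = verify_and_update(password, store[user])
    if valid and new_hash:
        store[user] = new_hash  # the old weak hash is replaced in place
    return valid
```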


See more about this article by clicking the link here: https://news.ycombinator.com/item?id=10254192



