enowars / eno-landing-page

ENOWARS Landing Page
MIT License

#15 state of the art hashing #17

Open Liikt opened 4 years ago

Liikt commented 4 years ago

I know domenukk wanted something like scrypt or argon2 but those need extra dependencies and sha3_512 is supported by hashlib. Also we hash several times now which is more better.

domenukk commented 4 years ago

What's wrong with hashlib.scrypt? It's supported from python v 3.4 and up. sha3 512 bit shouldn't be (much) slower than sha2 512 bit, to be honest?

ldruschk commented 4 years ago

I am not even sure whether SHA3 has any benefits compared to SHA2 w.r.t. password hashing, since it was never intended to be slow or slower than SHA2.

I am still in favor of using argon2 (https://pypi.org/project/argon2-cffi/) instead.

Liikt commented 4 years ago

> What's wrong with hashlib.scrypt? It's supported from python v 3.4 and up. sha3 512 bit shouldn't be (much) slower than sha2 512 bit, to be honest?

I absolutely skipped over that one lol

Liikt commented 4 years ago

> I am not even sure whether SHA3 has any benefits compared to SHA2 w.r.t. password hashing, since it was never intended to be slow or slower than SHA2.
>
> I am still in favor of using argon2 (https://pypi.org/project/argon2-cffi/) instead.

Then so it shall be!

Liikt commented 4 years ago

Aight now we use argon2. I could not test the changing of the password functionality, because I have no idea how the reset.html is supposed to be communicated with, but creating a user and logging in as said user works.