Open Liikt opened 4 years ago
What's wrong with hashlib.scrypt? It's supported from python v 3.4 and up.
sha3 512 bit shouldn't be (much) slower than sha2 512 bit, to be honest?
I am not even sure whether SHA3 has any benefits compared to SHA2 w.r.t. password hashing, since it was never intended to be slow or slower than SHA2.
I am still in favor of using argon2 (https://pypi.org/project/argon2-cffi/) instead.
> What's wrong with hashlib.scrypt? It's supported from python v 3.4 and up. sha3 512 bit shouldn't be (much) slower than sha2 512 bit, to be honest?

I absolutely skipped over that one lol

> I am not even sure whether SHA3 has any benefits compared to SHA2 w.r.t. password hashing, since it was never intended to be slow or slower than SHA2.
> I am still in favor of using argon2 (https://pypi.org/project/argon2-cffi/) instead.

Then so it shall be!
Aight now we use argon2. I could not test the changing of the password functionality, because I have no idea how the reset.html is supposed to be communicated with, but creating a user and logging in as said user works.
I know domenukk wanted something like scrypt or argon2 but those need extra dependencies and sha3_512 is supported by hashlib. Also we hash several times now which is more better.