icbestCA / giftmanager

Gift ideas manager for families. See the demo here: https://giftmanagerdemo.pages.dev/
MIT License

SHA1 Deprecated for Password Hashing #3

Closed Robert-litts closed 3 months ago

Robert-litts commented 3 months ago

Saw that SHA-1 is being used for hashing passwords, which is insecure, as stated in the warning in hashlib: _"Warning: Some algorithms have known hash collision weaknesses (including MD5 and SHA1). Refer to Attacks on cryptographic hash algorithms and the hashlib-seealso section at the end of this document."_

Additionally: "Warning: Salted hashing (or just hashing) with BLAKE2 or any other general-purpose cryptographic hash function, such as SHA-256, is not suitable for hashing passwords."

An alternative approach could be to utilize hashlib.pbkdf2_hmac if you want to stick with the hashlib library, or to shift over to the argon2 password hashing function.
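The hashlib.pbkdf2_hmac route suggested above, written out as an added example (editor's code, not the giftmanager project's): the unsalted SHA-1 helper stands in for the scheme the issue describes, and the `pbkdf2_sha256$iterations$salt$hash` record format and the 600,000 iteration count are assumptions chosen here so old records can be detected and re-hashed.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example, not code from the giftmanager project. The project's
# original scheme is only described as "SHA-1", so weak_sha1_hash models
# a plain unsalted digest for comparison (an assumption).

PBKDF2_ITERATIONS = 600_000  # work factor; raise over time as hardware gets faster


def weak_sha1_hash(password: str) -> str:
    """Unsalted SHA-1: fast to brute-force, and equal passwords give equal hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record; constant-time compare."""
    try:
        algo, iters, salt_hex, dk_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex)
    except ValueError:  # malformed record (wrong field count, bad hex or int)
        return False


def needs_rehash(record: str, min_iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True for legacy SHA-1 records or PBKDF2 records below the current cost."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return True
    return int(parts[1]) < min_iterations
```

On a successful login, `needs_rehash` lets the app upgrade a legacy SHA-1 record to PBKDF2 while the plaintext is briefly available, without forcing a password reset.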

icbestCA commented 3 months ago

Now using Argon2 thanks to the help from Robert-litts.