Closed savchenko closed 4 months ago
Be sure to also modify: SECURITY_DEPRECATED_HASHING_SCHEMES
@jwag956 , I already have this:
SECURITY_DEPRECATED_HASHING_SCHEMES = ["hex_md5"]
SECURITY_HASHING_SCHEMES = ["sha256_crypt"]
Changing order doesn't seem to make any difference.
My intention is to remove md5
from the hashing algorithms leaving only sha256
. Am I missing something obvious?
Possibly not a clear documentation as it should 'deprecated' means accepted but not used for encryption. So - if you want to not ACCEPT hex_md5 - remove it from the DEPRECATED list.
see: https://passlib.readthedocs.io/en/stable/lib/passlib.context.html
Hopefully addressed with https://github.com/Flask-Middleware/flask-security/pull/1003
Steps to reproduce
SECURITY_HASHING_SCHEMES = ["sha256_crypt"]
to the application config and initialise FST.