I think pbkdf2_hmac is ok to hash passwords. You don't need to install third-party dependencies.
```python
import hashlib
import secrets

SALT = secrets.token_bytes(32)  # store it somewhere
user_password_clear_text = "abc"

# hash the password
hashed_pw = hashlib.pbkdf2_hmac("sha256", user_password_clear_text.encode(), SALT, 4096)

# user comes back and enters his password:
hashed_pw_verify = hashlib.pbkdf2_hmac("sha256", input("Please enter your password: ").encode(), SALT, 4096)

# now compare the hashed password from database with the hashed password from user input
# don't use == as comparison because this allows timing attacks.
# use secrets.compare_digest
if secrets.compare_digest(hashed_pw, hashed_pw_verify):
    print("password ok")
else:
    print("password not ok")
```
Almost dead, but too lazy to die: https://sourceserver.info
All humans together. We don't need politicians!
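An added example (not the poster's code) that extends the snippet above to what "store it somewhere" implies in practice: a fresh salt per password, kept together with the iteration count in one record so the work factor can be raised later. The record layout, the function names and the 600,000 iteration default are assumptions made for this example.

```python
import base64
import hashlib
import secrets

ALGO = "sha256"
ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt$hash."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    return "$".join([
        f"pbkdf2_{ALGO}",
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    ])


def _parse(record: str):
    """Split a stored record; raises ValueError on any malformed field."""
    scheme, iter_s, salt_b64, hash_b64 = record.split("$")
    if scheme != f"pbkdf2_{ALGO}":
        raise ValueError("unknown scheme")
    iterations = int(iter_s)
    if iterations < 1:
        raise ValueError("bad iteration count")
    salt = base64.b64decode(salt_b64, validate=True)
    expected = base64.b64decode(hash_b64, validate=True)
    return iterations, salt, expected


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations, compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False  # malformed or foreign record: reject, never raise to the caller
    candidate = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    return secrets.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True when the record uses fewer iterations than the current setting."""
    try:
        return _parse(record)[0] < ITERATIONS
    except ValueError:
        return True
```

After a successful verify_password, a record for which needs_rehash returns True can be replaced with hash_password(password), since the clear-text password is only available at login time.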