The issue I am having with bcrypt is that the module can't be imported into the Pythonista app on iOS, which is where I need to run my script. What else would you recommend similar to bcrypt that can generate a random salt, and has something like the checkpw() function built-in to quickly validate salted passwords?
What hashing algorithms would you recommend I use in Python3 that can generate a random salt, other than bcrypt?
137 Views Asked by marti At
There are 1 best solutions below
If pbkdf2 is natively available, I'd use that before trying to roll your own bcrypt. When its work factors are sufficiently large, it's still a solid choice when bcrypt or scrypt aren't available, and using it directly is safer than trying to recreate something else by hand.
Not knowing more about your use case, a general recommendation: use pbkdf2 with a sufficiently large number of rounds to take about a half-second's worth of the upper end of the processor throughput of your target devices. This keeps the UX within tolerable wait times while still providing reasonable resistance to offline attack.
I'd also recommend randomizing that number of rounds slightly over a range (like a thousand). For example, if you settled on 200,000 as having an acceptable 500ms delay, I'd randomly pick a value between 200,000 and 202,000 (or something like that) - whatever is needed to ensure that most users will have different rounds from each other (assuming that all user passwords might be aggregated into a single location that could be compromised and the hashes stolen). This is because some of the newer "associative" / "correlation" attacks only work well against a large set of hashes when all of the cost factors across that set of hashes are the same.
Long term, also be sure that your code easily accepts a variable floor and ceiling for the number of rounds, so you can choose to increase your number of rounds over time as processors advance. (You could even get fancy and dynamically calculate the range of rounds based on the processor that the password is being created on, so that it's future ready without any additional intervention.)
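The approach in the answer above, as an added example using only the Python standard library (this is not the answerer's code). The function names `hashpw`, `checkpw` and `needs_rehash`, the `$`-separated storage format, the SHA-256 digest and the `ROUNDS_CEILING` cap are assumptions made for illustration; the 200,000 floor and 2,000 spread are the answer's example figures.

```python
import base64
import hashlib
import hmac
import secrets

ROUNDS_FLOOR = 200_000       # answer's example figure; tune to ~0.5 s on target devices
ROUNDS_SPREAD = 2_000        # per-hash random offset added to the floor
ROUNDS_CEILING = 10_000_000  # assumed cap so a tampered record cannot stall checkpw()
SCHEME = "pbkdf2-sha256"     # assumed label for this example's storage format


def hashpw(password, floor=ROUNDS_FLOOR, spread=ROUNDS_SPREAD):
    """Return 'scheme$rounds$salt$hash' with a fresh salt and randomized rounds."""
    salt = secrets.token_bytes(16)
    rounds = floor + secrets.randbelow(spread + 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return "$".join([SCHEME, str(rounds), enc(salt), enc(dk)])


def _parse(stored):
    """Split a stored record; raises ValueError on any malformed field."""
    scheme, rounds, salt, dk = stored.split("$")
    rounds, salt, dk = int(rounds), base64.b64decode(salt), base64.b64decode(dk)
    if scheme != SCHEME or not 1 <= rounds <= ROUNDS_CEILING or not salt or not dk:
        raise ValueError("unsupported or malformed password record")
    return rounds, salt, dk


def checkpw(password, stored):
    """Recompute with the record's own salt and rounds; constant-time compare."""
    try:
        rounds, salt, expected = _parse(stored)
    except ValueError:  # also covers binascii.Error from bad base64
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, rounds, dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored, floor=ROUNDS_FLOOR):
    """True when the record's rounds fall below the current floor."""
    return _parse(stored)[0] < floor
```

Because the rounds and salt travel with each record, raising `ROUNDS_FLOOR` later does not break existing hashes: call `needs_rehash()` after a successful `checkpw()` and store a fresh `hashpw()` result when it returns true.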