Re: One-line password generator
Hi,
I forgot to emphasize that each user should generate their own salt value by
$ python
>>> import bcrypt
>>> bcrypt.gensalt(16)
'$2a$16$MS6A6ZrsJ30ZdqHVCMWMm.'
and put it into the bcrypt call of bcryptedpw.py
p = bcrypt.hashpw(userpw, '$2a$16$MS6A6ZrsJ30ZdqHVCMWMm.')[-31:]
If many users used the same salt, then it would be rewarding for
the attacker to memorize the bcrypted failed tries and to re-use them
very quickly for attacking the next user.
Have a nice day :)
Thomas
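
The salt-reuse point above, measured in an added example that is not part of Thomas's message or of bcryptedpw.py: it counts how many slow-hash computations a guessing run needs against three users when they share one salt versus when each has their own. Assumptions: PBKDF2 from the standard library stands in for bcrypt so the block runs without the bcrypt package, and the function names, user names, passwords and candidate list are constructed for illustration.

```python
import hashlib
import os

def derive(password, salt):
    # Stand-in for bcrypt.hashpw(userpw, salt)[-31:] (assumption: PBKDF2, low cost for the demo).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000).hex()

def enroll(passwords, shared_salt=None):
    # Map name -> (salt, derived value). A fresh 16-byte salt per user unless one is forced.
    users = {}
    for name, pw in passwords.items():
        salt = shared_salt if shared_salt is not None else os.urandom(16)
        users[name] = (salt, derive(pw, salt))
    return users

def guessing_cost(users, candidates):
    # Return (slow-hash computations needed, names whose password was in the list).
    # Results are kept per salt: a failed try is only reusable where the salt repeats.
    tables = {}
    kdf_calls = 0
    matched = set()
    for name, (salt, derived) in users.items():
        if salt not in tables:
            tables[salt] = {derive(c, salt) for c in candidates}
            kdf_calls += len(candidates)
        if derived in tables[salt]:
            matched.add(name)
    return kdf_calls, matched

# Constructed sample data.
PASSWORDS = {"alice": "correct horse", "bob": "tr0ub4dor", "carol": "hunter2"}
CANDIDATES = ["123456", "hunter2", "letmein", "qwerty"]

shared = enroll(PASSWORDS, shared_salt=os.urandom(16))
unique = enroll(PASSWORDS)

if __name__ == "__main__":
    print("shared salt:", guessing_cost(shared, CANDIDATES))
    print("unique salts:", guessing_cost(unique, CANDIDATES))
```

With a shared salt the work is paid once for all users; with per-user salts it is paid again for every user, so the cost factor chosen in gensalt() applies in full to each one.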