
Re: One-line password generator


I forgot to emphasize that each user should generate their own salt value by

  $ python
  >>> import bcrypt
  >>> bcrypt.gensalt(16)

and put it into the bcrypt call of bcryptedpw.py

  p = bcrypt.hashpw(userpw, '$2a$16$MS6A6ZrsJ30ZdqHVCMWMm.')[-31:]

If many users used the same salt, it would be rewarding for
the attacker to memorize the bcrypted failed tries and to re-use them
very quickly for attacking the next user.

Have a nice day :)
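
Added example, not part of the original message: it counts how many slow derivations are needed to test a guess list against three users, once with a shared salt and once with per-user salts. PBKDF2 from the Python standard library stands in for the bcrypt call so the block runs without extra packages; the function names, user names, passwords and guesses are constructed for illustration.

```python
import hashlib
import os

def derive(master_pw: str, salt: bytes) -> str:
    # Stand-in for bcrypt.hashpw(userpw, salt)[-31:] from the message:
    # PBKDF2-HMAC-SHA256 from the standard library, low cost for a fast demo.
    return hashlib.pbkdf2_hmac("sha256", master_pw.encode(), salt, 2000).hex()[:31]

def make_users(masters, shared_salt=None):
    """Map name -> (salt, derived password); one salt for all if shared_salt is set."""
    users = {}
    for name, pw in masters.items():
        salt = shared_salt if shared_salt is not None else os.urandom(16)
        users[name] = (salt, derive(pw, salt))
    return users

def attack_cost(users, guesses):
    """Count the slow derivations needed to try every guess against every user.

    The cache models an attacker who remembers each (salt, guess) result.
    Returns (kdf_calls, names whose master password was in the guess list).
    """
    cache, kdf_calls, recovered = {}, 0, []
    for name, (salt, derived) in users.items():
        for guess in guesses:
            if (salt, guess) not in cache:
                cache[(salt, guess)] = derive(guess, salt)
                kdf_calls += 1
            if cache[(salt, guess)] == derived:
                recovered.append(name)
    return kdf_calls, recovered

# Constructed sample data (not from the original thread).
MASTERS = {"alice": "correct horse", "bob": "Tr0ub4dor&3", "carol": "hunter2"}
GUESSES = ["123456", "password", "hunter2", "letmein"]

if __name__ == "__main__":
    shared = make_users(MASTERS, shared_salt=b"same-salt-for-all")
    unique = make_users(MASTERS)
    print("shared salt   :", attack_cost(shared, GUESSES))
    print("per-user salts:", attack_cost(unique, GUESSES))
```

With the shared salt the work done for the first user covers every later user; with per-user salts the full cost is paid again for each one.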

