0

I'm using WTForms-Alchemy to define forms from model objects. I defined a field as a password thus:

password = db.Column(PasswordType(schemes=['pbkdf2_sha512']), nullable=True)

I persist the form to PostgreSQL and I always end up with the wrong hash in the database. Interestingly, this method worked flawlessly on a previous project that used MySQL.

I've now decided to encrypt my passwords by hand by calling pbkdf2_sha512.encrypt and pbkdf2_sha512.verify manually and the hashes are stored correctly.

Am I missing a configuration parameter? Could this be a bug?

4

1 回答 1

1

我不完全确定这里的问题是什么,但我想提一下,现在不建议使用 pbkdf2 ——如果您要存储用户密码哈希,则最好使用 bcrypt 存储密码。bcrypt 是一种 cpu 硬散列算法,这使得潜在攻击者更难暴力破解。

于 2014-03-28T16:23:54.557 回答