Readme
Original repo gets some updates at GitHub, but new versions are not uploaded to pypi at all. Maintainer declined to keep pypi project up to date. So here's this repo: pypi package is automatically updated and is in sync with the master branch.
Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application.
Due to the recent increased prevalence of powerful hardware, such as modern GPUs, hashes have become increasingly easy to crack. A proactive solution to this is to use a hash that was designed to be "de-optimized". Bcrypt is such a hashing facility; unlike hashing algorithms such as MD5 and SHA1, which are optimized for speed, bcrypt is intentionally structured to be slow.
For sensitive data that must be protected, such as passwords, bcrypt is an advisable choice.
Install using pip:
pip install Bcrypt-Flask
To use the extension simply import the class wrapper and pass the Flask app object back to here. Do so like this:
from flask import Flask
from flask_bcrypt import Bcrypt
app = Flask(__name__)
bcrypt = Bcrypt(app)
Two primary hashing methods are now exposed by way of the bcrypt object. Use them like so:
pw_hash = bcrypt.generate_password_hash('hunter2')
bcrypt.check_password_hash(pw_hash, 'hunter2') # returns True
(Flask config)
BCRYPT_LOG_ROUNDS: default 12BCRYPT_HASH_PREFIX: default '2b'BCRYPT_HANDLE_LONG_PASSWORDS: default False.
By default, the bcrypt algorithm has a maximum password length of 72 bytes
and ignores any bytes beyond that. A common workaround is to hash the
given password using a cryptographic hash (such as sha256), take its
hexdigest to prevent NULL byte problems, and hash the result with bcrypt.
If the BCRYPT_HANDLE_LONG_PASSWORDS configuration value is set to True,
the workaround described above will be enabled.
Warning: do not enable this option on a project that is already using
Flask-Bcrypt, or you will break password checking.
Warning: if this option is enabled on an existing project, disabling it
will break password checking.FAQs
Brcrypt hashing for Flask.
We found that Bcrypt-Flask demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Python Software Foundation has secured a 5-year sponsorship from Fastly that supports PSF's activities and events, most notably the security and reliability of the Python Package Index (PyPI).
Security News
LDAPjs, an LDAP Client and Server API for Node.js, was decommissioned after its maintainer received an abusive email from a user, raising concerns about this form of abuse as a potential attack vector.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.