maxcountryman / flask-bcrypt

Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application.

Home Page: http://readthedocs.org/docs/flask-bcrypt/


Someone know flask-bcrypt vs werkzeug.security

tim-hub opened this issue · comments

former uses PBKDF while latter uses bcrypt

now "Why bcrypt is somewhat better than PBKDF2, Why bcrypt is not optimally secure, What NIST recommends" from Sep'2010

plus "SHA-256, in particular, benefits a lot from being implemented on a GPU. Thus, if you use SHA-256-crypt, attackers will be more at an advantage than if you use bcrypt, which is hard to implement efficiently in a GPU. ... Though SHA-256-crypt is not PBKDF2, it is similar enough in its performance behaviour on GPU, so the same conclusions apply." from Aug'2016

In other words, unless you serve US govt servants and hence must use FIPS / NIST rules, stick to bcrypt for the time being.

Duplicate of #``
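Added example, not code from this issue or from either library: a standard-library sketch that tells a stored bcrypt string apart from a PBKDF2 string, reports each one's work factor, and recomputes the PBKDF2 side. It assumes PBKDF2 strings use the `pbkdf2:<digest>:<iterations>$<salt>$<hex>` layout that werkzeug.security emits; the function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import re

# bcrypt string: $2a$/$2b$/$2y$, two-digit cost, then 53 chars of salt + digest.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")

def describe(stored):
    """Return (scheme, work_factor) for a stored password-hash string."""
    m = BCRYPT_RE.match(stored)
    if m:
        return ("bcrypt", 2 ** int(m.group(1)))  # 2**cost key-setup rounds
    method, _, rest = stored.partition("$")
    parts = method.split(":")
    if (parts[0] == "pbkdf2" and len(parts) == 3
            and parts[2].isdecimal() and rest.count("$") == 1):
        return ("pbkdf2-" + parts[1], int(parts[2]))  # iteration count
    return ("unknown", None)

def pbkdf2_make(password, salt, iterations, digest="sha256"):
    """Build a 'pbkdf2:<digest>:<iterations>$<salt>$<hex>' string."""
    dk = hashlib.pbkdf2_hmac(digest, password.encode(), salt.encode(), iterations)
    return f"pbkdf2:{digest}:{iterations}${salt}${dk.hex()}"

def pbkdf2_check(stored, password):
    """Recompute a PBKDF2 string and compare in constant time."""
    scheme, iterations = describe(stored)
    if not scheme.startswith("pbkdf2-"):
        return False  # bcrypt strings need a bcrypt implementation to verify
    _, salt, expected = stored.split("$")
    try:
        dk = hashlib.pbkdf2_hmac(scheme[7:], password.encode(), salt.encode(), iterations)
    except (ValueError, OverflowError):  # unknown digest or bad iteration count
        return False
    return hmac.compare_digest(dk.hex().encode(), expected.encode())

if __name__ == "__main__":
    # Constructed sample values, not real credentials or real digests.
    rows = {
        "alice": "$2b$12$" + "A" * 53,                             # bcrypt layout
        "bob": pbkdf2_make("correct horse", "c29tZXNhbHQ", 1000),  # PBKDF2 layout
        "carol": "0" * 32,                                         # bare hex digest
    }
    for user, stored in rows.items():
        print(user, describe(stored))
    print("bob verifies:", pbkdf2_check(rows["bob"], "correct horse"))
```

The two work factors are not directly comparable: a bcrypt cost of 12 and a PBKDF2 iteration count measure different inner operations, which is why the thread's GPU argument matters more than the raw numbers.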