pwn/M-CTF-2025
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Обновить darkbazaar/src/auth.py

Browse Source
This commit is contained in:
pwn
2025-12-14 14:47:00 +03:00
parent 0f7e716f20
commit d45ca06d07
1 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
darkbazaar/src/auth.py
View File

@@ -1,9 +1,11 @@
from passlib.context import CryptContext
ctx = CryptContext(schemes=["pbkdf2_sha256"], pbkdf2_sha256__rounds=1)
def get_password_hash(password: str) -> str:
return ctx.hash(password)
def verify_password(plain_password: str, hashed_password: str) -> bool:
return ctx.verify(plain_password, hashed_password)
from passlib.context import CryptContext
# SECURITY FIX: Use proper PBKDF2 rounds (29000+ recommended, using 260000 for better security)
# Previously was using only 1 round which made password cracking trivial
ctx = CryptContext(schemes=["pbkdf2_sha256"], pbkdf2_sha256__rounds=260000)
def get_password_hash(password: str) -> str:
return ctx.hash(password)
def verify_password(plain_password: str, hashed_password: str) -> bool:
return ctx.verify(plain_password, hashed_password)