Обновить darkbazaar/src/auth.py

2025-12-14 14:47:00 +03:00
parent 0f7e716f20
commit d45ca06d07
1 changed files with 11 additions and 9 deletions
--- a/darkbazaar/src/auth.py
+++ b/darkbazaar/src/auth.py
@@ -1,6 +1,8 @@
 from passlib.context import CryptContext

-ctx = CryptContext(schemes=["pbkdf2_sha256"], pbkdf2_sha256__rounds=1)
+# SECURITY FIX: Use proper PBKDF2 rounds (29000+ recommended, using 260000 for better security)
+# Previously was using only 1 round which made password cracking trivial
+ctx = CryptContext(schemes=["pbkdf2_sha256"], pbkdf2_sha256__rounds=260000)

 def get_password_hash(password: str) -> str:
    return ctx.hash(password)