[Question] password hashing

[s-celles]

Question

Hello,

I noticed this https://flet.dev/docs/guides/python/encrypting-sensitive-data/ article which explains how to cipher password using flet encrypt / decrypt function

I think this article should explain how to deal with a .env file to store secret.

Moreover I don't think it's very safe to store passwords in application / db even a ciphered version of password.

Hashing a salted password may be prefered.
https://www.google.com/search?q=hash+salt+password

Any opinion about that?

Kind regards

Code sample

No response

Error message

No response

------------------------------------------------------

• I have searched for answers to my question both in the issues and in previous discussions.

[s-celles]

Here is how I processed

import os
import bcrypt


def hash_password(login: str, password: str):
    # salt = bcrypt.gensalt()
    salt = os.getenv("MYAPP_SECRET_KEY")
    return bcrypt.hashpw((password + login).encode(), salt.encode())

def check_password(login: str, password: str, hashed_password: bytes):
    new_hashed_password = hash_password(login, password)
    return new_hashed_password == hashed_password

[FeodorFitsner]

Would you like to do a PR to that doc article?

[plugeit]

The best thing would be store the key on a server like Firebase and retrieve it from their added security

[s-celles]

I will tackle that if someone can help me on #1891

[plugeit]

my app is going to have only otp login