use generated salts instead of fixed ones

2025-11-01 10:55:55 +01:00 · 2017-09-12 21:43:24 -04:00
parent b4f9fc3a5e
commit 8bc1bdd5f7
5 changed files with 20 additions and 15 deletions
--- a/setup.py
+++ b/setup.py
@@ -28,16 +28,16 @@ password1 = getpass.getpass()
 password2 = getpass.getpass(prompt='Repeat the same password: ')

 if password1 == password2:
-    hash = src.my_scrypt.getVerificationHash(password1)
-
-    src.sql.setOption('username', username)
-    src.sql.setOption('password', binascii.hexlify(hash))
-
    # urandom is secure enough, see https://docs.python.org/2/library/os.html
    src.sql.setOption('flask_secret_key', base64.b64encode(os.urandom(24)))
    src.sql.setOption('verification_salt', base64.b64encode(os.urandom(24)))
    src.sql.setOption('encryption_salt', base64.b64encode(os.urandom(24)))

+    hash = src.my_scrypt.getVerificationHash(password1)
+
+    src.sql.setOption('username', username)
+    src.sql.setOption('password', binascii.hexlify(hash))
+
    src.sql.commit()

    print('Application has been set up. You can now login.')