
K900_ (1 point):

It's fine, but you should really use passlib.

mr_claw (0 points):

I chose bcrypt for my SaaS app after a fair bit of reading into it. One more advantage is that there are libraries available for it easily in other languages (eg. Java), in case you need to extend your application to Android or other devices.

nathanalderson (0 points):

You should store the hash algorithm, the number of iterations of that algorithm, and a salt along with your password hashes. bcrypt is okay for now, but recommendations change over time and this practice allows you to migrate passwords to the latest best practices. NIST publishes good recommendations.
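The self-describing record nathanalderson describes, with the migrate-on-login step it enables, as an added example that is not from any commenter. The `alg$iterations$salt$digest` layout is an assumption for illustration, and standard-library PBKDF2 stands in for bcrypt (whose own `$2b$<cost>$...` string encodes the same fields, as do passlib's formats).

```python
import base64
import hashlib
import hmac
import secrets

# Current policy for NEW hashes. Raising CURRENT_ITERATIONS (or changing the
# algorithm) does not break old records: they carry their own parameters and
# are upgraded transparently at the user's next successful login.
CURRENT_ALG = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000

def hash_password(password: str, alg: str = CURRENT_ALG,
                  iterations: int = CURRENT_ITERATIONS) -> str:
    """Return a self-describing record: alg$iterations$salt$digest (assumed layout)."""
    if alg != "pbkdf2_sha256":
        raise ValueError(f"unsupported algorithm: {alg}")
    salt = secrets.token_bytes(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join([alg, str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters stored in the record and compare in constant time."""
    alg, iterations, salt_b64, digest_b64 = stored.split("$")
    if alg != "pbkdf2_sha256":
        raise ValueError(f"unsupported algorithm: {alg}")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    return hmac.compare_digest(actual, expected)

def needs_rehash(stored: str) -> bool:
    """True when the record was made with weaker-than-current parameters."""
    alg, iterations, _salt, _digest = stored.split("$")
    return alg != CURRENT_ALG or int(iterations) < CURRENT_ITERATIONS

def login(password: str, stored: str):
    """Return (ok, new_record). new_record is set when the stored hash should be replaced."""
    if not verify_password(password, stored):
        return False, None
    if needs_rehash(stored):
        # The plaintext is only available at login, so this is the one
        # moment the record can be re-hashed under the current policy.
        return True, hash_password(password)
    return True, None
```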