
check_password_hash is taking much longer than expected. Tested with Werkzeug 0.12 and 0.9. The test below shows that checking a password takes about 2 seconds. Why does it take so long?

The project uses GAE (Google App Engine) and is deployed on GAE. Not sure if GAE has Werkzeug libraries that could overwrite the one that I have installed. I use GAE SDK version 1.9.50.

import logging
from datetime import datetime
from werkzeug.security import check_password_hash

def verify_password(self, password):
    # log the stored hash and a timestamp before and after the check
    logging.info(self.password_hash)
    logging.info(str(datetime.now()))
    result = check_password_hash(self.password_hash, password)
    logging.info(str(datetime.now()))
    return result
hash:pbkdf2:sha256:......................................
2017-07-28 13:52:14.904270
2017-07-28 13:52:17.041060

================= EDIT 1 ============

OK, it seems that I hadn't cleared my libraries folder completely. I have tried multiple times, and upgrading from Werkzeug==0.9.6 to Werkzeug==0.12 solves the problem. Downgrading to 0.9.6 brings the problem back.

That fixed the problem only on my machine. On the GAE server the delay is still there.

================= EDIT 2 ============

After creating a very minimalistic project, I tested again, and on GAE the behavior was the same. Then I saw that in my database there were two types of passwords: one with sha1 and the other with sha256. Those that were sha1 were working fast on GAE as well.

Answers

At the beginning I thought that the problem was because of the difference between sha1 and sha256. However, it is the number of iterations used when creating the password hash that affects the hash time. http://werkzeug.pocoo.org/docs/0.12/utils/#werkzeug.security.generate_password_hash At some point, the default was increased from 1000 to 50000.

Reducing the number of iterations back to 1000 makes hashing faster, at the expense of reduced security.

generate_password_hash(password, method='pbkdf2:sha256:1000')

In the database I had passwords with both types, some generated before upgrading Werkzeug and some after.

pbkdf2:sha1:1000$.......
pbkdf2:sha256:50000$......

So the difference between the first and the second one was huge because of 1000 vs 50000 iterations.
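The cost difference above comes entirely from the iteration count embedded in the stored string, so the usual defensive move is the opposite of lowering iterations: parse the stored hash, verify it, and transparently re-hash the password with the stronger parameters on the next successful login. The example below is an added illustration, not Werkzeug's own code or the answerer's; it uses only the standard library (hashlib.pbkdf2_hmac) and assumes the "pbkdf2:<hash>:<iterations>$<salt>$<hexdigest>" layout shown in the answer. The 16-character hex salt and the functions parse_hash, check_hash, needs_rehash and verify_and_upgrade are this example's own choices.

```python
import hashlib
import hmac
import os
import time
from typing import NamedTuple, Optional, Tuple

# Assumed stored format, following the strings quoted in the answer:
#   "pbkdf2:sha256:50000$<salt>$<hexdigest>"   i.e. method$salt$hash
# This is a stand-alone illustration, not Werkzeug's implementation.


class Pbkdf2Hash(NamedTuple):
    hash_name: str     # "sha1" or "sha256" in the answer's examples
    iterations: int    # 1000 vs 50000 is what made the 2 s difference
    salt: str
    digest_hex: str


def parse_hash(stored: str) -> Pbkdf2Hash:
    """Split 'pbkdf2:<hash>:<iters>$<salt>$<hex>' into its parts."""
    method, salt, digest_hex = stored.split("$", 2)
    parts = method.split(":")
    if len(parts) != 3 or parts[0] != "pbkdf2":
        raise ValueError("unsupported method: %r" % method)
    return Pbkdf2Hash(parts[1], int(parts[2]), salt, digest_hex)


def generate_hash(password: str, hash_name: str = "sha256",
                  iterations: int = 50000, salt: Optional[str] = None) -> str:
    """Produce a hash string in the assumed layout (random hex salt unless given)."""
    if salt is None:
        salt = os.urandom(8).hex()  # example choice: 16 hex chars
    digest = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"),
                                 salt.encode("utf-8"), iterations)
    return "pbkdf2:%s:%d$%s$%s" % (hash_name, iterations, salt, digest.hex())


def check_hash(stored: str, password: str) -> bool:
    """Recompute PBKDF2 with the parameters stored in the string; constant-time compare."""
    h = parse_hash(stored)
    digest = hashlib.pbkdf2_hmac(h.hash_name, password.encode("utf-8"),
                                 h.salt.encode("utf-8"), h.iterations)
    return hmac.compare_digest(digest.hex(), h.digest_hex)


def needs_rehash(stored: str, min_iterations: int = 50000,
                 hash_name: str = "sha256") -> bool:
    """True when a stored hash is below the current policy (legacy sha1:1000 etc.)."""
    h = parse_hash(stored)
    return h.iterations < min_iterations or h.hash_name != hash_name


def verify_and_upgrade(stored: str, password: str,
                       min_iterations: int = 50000) -> Tuple[bool, Optional[str]]:
    """Return (ok, new_hash). new_hash is set only when login succeeded and the
    old hash should be replaced in the database with a stronger one."""
    if not check_hash(stored, password):
        return False, None
    if needs_rehash(stored, min_iterations):
        return True, generate_hash(password, "sha256", min_iterations)
    return True, None


def time_check(stored: str, password: str) -> float:
    """Seconds spent verifying one password against the stored hash."""
    t0 = time.perf_counter()
    check_hash(stored, password)
    return time.perf_counter() - t0


if __name__ == "__main__":
    pw = "correct horse"                                # constructed sample
    legacy = generate_hash(pw, "sha1", 1000)            # pre-upgrade style
    current = generate_hash(pw, "sha256", 50000)        # post-upgrade default
    for label, h in (("sha1:1000", legacy), ("sha256:50000", current)):
        print("%-13s %.4fs" % (label, time_check(h, pw)))
    ok, upgraded = verify_and_upgrade(legacy, pw)
    print("legacy verified:", ok, "->", upgraded.split("$")[0] if upgraded else None)
```

Running this shows the same shape of result as the answer: the sha1:1000 hash verifies roughly fifty times faster than sha256:50000, and verify_and_upgrade returns a fresh pbkdf2:sha256:50000 string for the legacy row so the slow-versus-fast split in the database disappears over time without ever weakening new hashes.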
