Skip to main content

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

5
  • I guess windows was just not cut for this :) i may just stay with simple hashlib.sha512 and thats it . more errors from bcryptor. ill try cryptacular next and that's that. Commented Aug 17, 2011 at 20:46
  • ok cryptacular works. it's bcrypt works. question. am i not supposed to salt bcrypt? just asking. Commented Aug 17, 2011 at 20:49
  • If you're following the example at the top of the Cryptacular docs, manager.encode(password) takes care of salt generation... you can test this by running manager.encode("test") twice, and you'll see the hash is different - this shows it's taking care of generating a new salt. (this page gives a brief description of the bcrypt hash string format if you're curious). Commented Aug 17, 2011 at 22:20
  • Ok hold on. So i dont need to separately store the salt? the rounds and salt are stored inside the hash? Commented Aug 18, 2011 at 9:51
  • 1
    Yep... in fact all the password hashes in the libraries I linked to are completely self-contained, and the code handles salt generation automatically. Calling .encode() for Cryptacular / .encrypt() for Passlib does all of it for you... then just call .verify() to check the password. If you want a different number of rounds than the default, just pass that as rounds=value to when you call encode(). Commented Aug 18, 2011 at 11:29