Unless you are protecting Medical records bcrypt is overkill if you do some reasonably smart things like "Failed logins from IP >9"
Or, if you just do something weird to the password BEFORE you SHA it. Like interleave the user name in the password, Salt1 + UpSaEsRsNwAoMrEd + Salt2 Or Pick 2 Hash's SHA(pass) + Md5(pass) Don't want to store all that string length? Odd Characters from Sha(Pass+salt) + Even Characters from MD5(Pass+Salt) Uniqueness of the method is more important than the method. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Brian Quinlan Sent: Saturday, November 12, 2011 6:58 PM To: [email protected] Subject: Re: [google-appengine] Help resolve massive performance regression in 2.7 vs 2.5 runtime Hi Pol, On Sun, Nov 13, 2011 at 1:48 PM, Pol <[email protected]> wrote: > Hi, > > Since switching to 2.7 runtime, logging in to http://www.everpix.com > went from about a second to anywhere from 15s to 60s. I tracked it > down to this single password checking line: > > from bcrypt import bcrypt > bcrypt.hashpw(password, self.password_hash) == self.password_hash What value are you using for "threadsafe" in your app.yaml? How large is self.password_hash? Cheers, Brian > This comes from "a native Python implementation of the py-bcrypt > package from http://www.mindrot.org/projects/py-bcrypt/"; grabbed from > here: https://github.com/erlichmen/py-bcrypt. > > So what's happening here and how can we fix this? > > Thanks, > > - Pol > > -- > You received this message because you are subscribed to the Google Groups "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to [email protected]. > For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
