Password hashing with Argon2 and bcrypt migration paths

5165 views

                  from argon2 import PasswordHasher

password_hasher = PasswordHasher(
    time_cost=3,
    memory_cost=65536,
    parallelism=4,
)

password_hash = password_hasher.hash('correct horse battery staple')
password_hasher.verify(password_hash, 'correct horse battery staple')

Passwords should never be encrypted for later recovery. I store slow one-way hashes, tune work factors for current hardware, and maintain a rehash path when users log in with older credentials. Argon2id is my first choice for new systems, while bcrypt remains a strong practical baseline.

Kai Nakamura

More from Kai Nakamura

Password hashing with Argon2 and bcrypt migration paths

0 Comments

More from Kai Nakamura