Password Mismanagement

Choose a strong hash like BCrypt. Storing the password hash will allow you to test the correctness of a password when a user re-enters it, but keeps it opaque to anyone who has database access.

Hashing Passwords

   import bcrypt

def hash_password(password, salt, pepper):
    # Concatenate pepper and password
    combined_password = pepper + password

    # Generate a salted hash
    hashed_password = bcrypt.hashpw(combined_password.encode('utf-8'), salt)

    return hashed_password

# Example usage
password = "user_password"
salt     = bcrypt.gensalt()
pepper   = "your_secret_pepper"

hashed_password = hash_password(password, salt, pepper)
print(f"Hashed Password: {hashed_password.decode('utf-8')}") 