Unless you are protecting Medical records bcrypt is overkill if you do some reasonably smart things like "Failed logins from IP >9"
Or, if you just do something weird to the password BEFORE you SHA it. Like interleave the user name in the password, Salt1 + UpSaEsRsNwAoMrEd + Salt2 Or Pick 2 Hash's SHA(pass) + Md5(pass) Don't want to store all that string length? Odd Characters from Sha(Pass+salt) + Even Characters from MD5(Pass+Salt) Uniqueness of the method is more important than the method. -----Original Message----- From: google-appengine@googlegroups.com [mailto:google-appengine@googlegroups.com] On Behalf Of Brian Quinlan Sent: Saturday, November 12, 2011 6:58 PM To: google-appengine@googlegroups.com Subject: Re: [google-appengine] Help resolve massive performance regression in 2.7 vs 2.5 runtime Hi Pol, On Sun, Nov 13, 2011 at 1:48 PM, Pol <p...@everpix.net> wrote: > Hi, > > Since switching to 2.7 runtime, logging in to http://www.everpix.com > went from about a second to anywhere from 15s to 60s. I tracked it > down to this single password checking line: > > from bcrypt import bcrypt > bcrypt.hashpw(password, self.password_hash) == self.password_hash What value are you using for "threadsafe" in your app.yaml? How large is self.password_hash? Cheers, Brian > This comes from "a native Python implementation of the py-bcrypt > package from http://www.mindrot.org/projects/py-bcrypt/"; grabbed from > here: https://github.com/erlichmen/py-bcrypt. > > So what's happening here and how can we fix this? > > Thanks, > > - Pol > > -- > You received this message because you are subscribed to the Google Groups "Google App Engine" group. > To post to this group, send email to google-appengine@googlegroups.com. > To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
