try something like this:
def hashing(plaintext, salt="", sha="512"): """ Returns the hashed and encrypted hexdigest of a plaintext and salt""" app = webapp2.get_app() # Hashing if sha == "1": phrase = hashlib.sha1() elif sha == "256": phrase = hashlib.sha256() else: phrase = hashlib.sha512() phrase.update("%s@%s" % (plaintext, salt)) phrase_digest = phrase.hexdigest() # Encryption (PyCrypto) # wow... it's so secure :) try: from Crypto.Cipher import AES mode = AES.MODE_CBC # We can not generate random initialization vector because is difficult to retrieve them later without knowing # a priori the hash to match. We take 16 bytes from the hexdigest to make the vectors different for each hashed # plaintext. iv = phrase_digest[:16] encryptor = AES.new(app.config.get('aes_key'), mode, iv) ciphertext = [encryptor.encrypt(chunk) for chunk in chunks(phrase_digest, 16)] return ''.join(ciphertext) except Exception, e: logging.error("CRYPTO is not running: {}".format(e)) raise On Monday, January 4, 2016 at 8:12:37 AM UTC+2, A. Kong wrote: > > Hi all, > > If I understand it correctly, GAE webapp2 encrypts password using SHA1 > (see method create_user as in > https://webapp-improved.appspot.com/_modules/webapp2_extras/appengine/auth/models.html > ) > > I want to be able to switch to SHA-256 or other algorithm. Is there any > official way to override this? I found this github repo and its > recommendation seems to be rolling your own RequestHandler. Is it a good > approach? Is there any other alternative? > > There is a related entry in the archived bug tracker > https://code.google.com/p/webapp-improved/issues/detail?id=57 Is the > comment there still up to date? > > Cheers > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/76adea80-d52b-481a-91ba-acaaa5efd45d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.