There is nothing new in this respect. I think you can salt the password in this way:
import uuid session._salt = session._salt or str(uuid.uuid4() auth.settings.extra_fields['auth_user'].append(Field('salt',writable=False,readable=False,default=session._salt)) auth.define_tables() ... if auth.user: session._salt=auth.user.salt db.auth_user.password.requires=CRYPT(auth.settings.hmac_key +session._salt) give it a try. On Jun 1, 4:02 pm, pbreit <pbreitenb...@gmail.com> wrote: > I saw in the changesets some notes about salts and smart_hashes. Is it now > possible to salt password hashes?