Password Mismanagement

"Peppering" a password is a good security practice that involves adding a secret, random value (known as the pepper) to a password before hashing it. Unlike the salt, the pepper is typically a long, random, and secret string that is kept separate from the hashed passwords. This will require an attacker to compromise two separate systems if they want to steal and decrypt your passwords.

Hashing Passwords

   import bcrypt

def hash_password(password, salt, pepper):
    # Concatenate pepper and password
    combined_password = pepper + password

    # Generate a salted hash
    hashed_password = bcrypt.hashpw(combined_password.encode('utf-8'), salt)

    return hashed_password

# Example usage
password = "user_password"
salt     = bcrypt.gensalt()
pepper   = "your_secret_pepper"

hashed_password = hash_password(password, salt, pepper)
print(f"Hashed Password: {hashed_password.decode('utf-8')}") 