D. Approach to Verification
Joshua M Clatney edited this page Dec 14, 2024 · 3 revisions
- Salted Hashes (Bcrypt, Argon2id):
  - Bcrypt: Uses `bcrypt.checkpw()` to verify against the original hash’s salt and cost parameters.
  - Argon2id: Leverages argon2-cffi’s `PasswordHasher.verify()` to ensure correct handling of memory-cost and parallelization parameters.
- Unsalted Hashes:
  - ClatsCracker recomputes the hash using the given algorithm and compares the result directly to the target hash. If they match, the password is identified.

This approach aligns with industry best practices, improving accuracy and reducing false negatives common in other scripts that attempt re-hashing with new salts.
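The three verification paths described above, as an added example (not ClatsCracker's own code). The function names `available`, `verify`, `rehash_with_new_salt_matches` and `make_samples` are assumptions, and the sample targets are constructed at run time for the password `hunter2`. The flawed re-hash check is included to show why a correct candidate is missed when a new salt is generated.

```python
import hashlib
from importlib.util import find_spec

def available(module: str) -> bool:
    """True if an optional third-party module (bcrypt, argon2) is installed."""
    return find_spec(module) is not None

def verify(candidate: str, target: str, algorithm: str) -> bool:
    """Return True if `candidate` produces `target` under `algorithm`."""
    pw = candidate.encode("utf-8")
    if algorithm == "bcrypt":
        import bcrypt
        # checkpw() reads the cost factor and salt out of `target` itself.
        return bcrypt.checkpw(pw, target.encode("ascii"))
    if algorithm == "argon2id":
        from argon2 import PasswordHasher
        from argon2.exceptions import VerifyMismatchError
        try:
            # verify() uses the m=, t=, p= values and salt encoded in `target`.
            return PasswordHasher().verify(target, candidate)
        except VerifyMismatchError:
            return False
    # Unsalted: recompute with the named algorithm and compare hex digests.
    return hashlib.new(algorithm, pw).hexdigest() == target.lower()

def rehash_with_new_salt_matches(candidate: str, target: str) -> bool:
    """The flawed check: hash the candidate under a fresh salt, compare strings."""
    import bcrypt
    fresh = bcrypt.hashpw(candidate.encode("utf-8"), bcrypt.gensalt(rounds=4))
    return fresh == target.encode("ascii")

def make_samples() -> dict:
    """Constructed targets for the password 'hunter2' (low cost, for speed)."""
    samples = {"sha256": hashlib.sha256(b"hunter2").hexdigest()}
    if available("bcrypt"):
        import bcrypt
        samples["bcrypt"] = bcrypt.hashpw(b"hunter2", bcrypt.gensalt(rounds=4)).decode()
    if available("argon2"):
        from argon2 import PasswordHasher
        ph = PasswordHasher(time_cost=1, memory_cost=8192, parallelism=1)
        samples["argon2id"] = ph.hash("hunter2")
    return samples

if __name__ == "__main__":
    for algo, target in make_samples().items():
        print(algo, verify("hunter2", target, algo), verify("wrong", target, algo))
```
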