So when building a webapp and storing passwords, both security and performance are important

Question

0

Asked: June 7, 20262026-06-07T05:19:06+00:00 2026-06-07T05:19:06+00:00

So when building a webapp and storing passwords, both security and performance are important

0

So when building a webapp and storing passwords, both security and performance are important things to keep in mind. Having seen evidence that even salted SHA1 passwords can be easily cracked due to the increasing speed of GPUs, I was wondering what are the best practices of storing passwords.

I thought that in order to add more security to storing passwords, you could add a secret to the salt. So for instance, the python code for this could be:

import hashlib
import hmac

secret = 'XYZ'
h = hmac.new('salt' + secret, 'password')

Is this a common thing to do?
What are the drawbacks of this?
What are the best practices in this field?

P.S. I didn’t post this in the security forum because I want a webapp developer’s perspective.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-07T05:19:08+00:00

Editorial Team

2026-06-07T05:19:08+00:00Added an answer on June 7, 2026 at 5:19 am

Also have a look at passlib: http://pypi.python.org/pypi/passlib/

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

So when building a webapp and storing passwords, both security and performance are important

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply