Hello team!
We are an enterprise company currently developing a highly sensitive project with some financial institutions. Our requirement is to implement this hashing algorithm for all the users that are registered on our platform.
We are using FastAPI for the backend so would appreciate any help.
rp_st
05/16/2023, 10:23 AM
Right. Could you please elaborate?
rp_st
05/16/2023, 10:24 AM
You can use our email password feature to store and verify the password hashes. And you can use argon2 hashing as well.
markhor.
05/17/2023, 2:11 AM
We want to use the PBKDF2 algorithm for hashing
rp_st
05/17/2023, 4:22 AM
Hey. Unfortunately we don’t support that yet. But we are open to contributions or prioritisation of features if you opt in to our highest tier support plan.
rp_st
05/17/2023, 4:22 AM
You can even hack your way around having this hashing algorithm using our overrides feature on the backend SDK.
rp_st
05/17/2023, 4:23 AM
By overriding the email password recipe functions
rp_st
05/17/2023, 4:24 AM
Such that in your override, before calling the original implementation, you do this hashing yourself. This way, the passwords are first hashed using PBKDF2 and then hashed using argon2 in the core. Doing this double hashing shouldn’t really cause any issues from a security point of view anyway, and gives you what you are looking for.