security flask cryptography password-hash flask-security

Need advice on password hashing algorithm for Flask security module

In one of my flask project I'm using Flask-security module for security mechanism. In module configuration I have 3 choices for password hashing algorithm bcrypt, sha512_crypt, pbkdf2_sha512.

Can any one suggest me which to use and why?

Any help would be appreciated.

Solution

All of these are acceptable choices. I prefer bcrypt, because it's GPU unfriendly, so an attacker won't have a big advantage when they use a GPU while your server uses a CPU to hash.

Make sure to choose a work factor that's as big as possible while offering acceptable performance. Should be somewhere between 10 and 100ms for typical web servers.

How to make Google Analytics respond to "Do Not Track"
Implementing Custom Expression Handling with Spring Security 6
What are the security concerns for JSF?
App attestation failed with Firebase App check in release on Android
SQL Server returns error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." in Windows application
When should I use the deny access functions in Symfony 4.4 controllers?
Install two traefik ingress controller on same kubernetes Cluster
Logon events from within credential provider
How to give access to my API for a mobile app?
How to verify a JWKS's integrity and authenticity
Changes in the front-end (Vue.js) part of the PatrolHears project (open source code)
ECPrivateKey to ECPublicKey without BouncyCastle
What TargetName to use when calling InitializeSecurityContext (Negotiate)?
java.security.NoSuchAlgorithmException:Cannot find any provider supporting AES/ECB/PKCS7PADDING
Which procedure is more secure for encryption using Password and Seed
Source security group isn't working as expected in AWS
Google Authenticator available as a public service?
Where do you store your salt strings?
Can other software programs deny access to data sealed in a PCR of a TPM by extending measurements to that PCR?
How do I skip certains rules for parameter in a path in ModSecurity?
Facebook image URLs - how are they kept from un-authorised users?
How to serve attachments privately using Rails?
java.lang.SecurityException: Permission Denial: starting Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER]
<app> would like to access data from other apps - macOS Sonoma
IdentityServer4 and SSO
How to prevent Screen Capture in Android
Prevent QR code from being copied and QR code should be scanable by my mobile app only
How to pin the Public key of a certificate on iOS
Preventing to send requests from different devices
Clarification regarding SOC-2 compliance in multiple locations