← run

sec-password-hashing

1.000
2/2 tests· security

Proposed solution

```python
import hashlib
import os

def hash_password(password: str) -> str:
    salt = os.urandom(16)
    pwdhash = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100000)
    return salt + pwdhash

def verify_password(password: str, hashed: str) -> bool:
    salt = hashed[:16]
    pwdhash = hashed[16:]
    new_hash = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100000)
    return new_hash == pwdhash
```