Replace PBKDF2 with scrypt

solvable/src/webservice/crypto.py

@@ -1,11 +1,19 @@
-from passlib.hash import pbkdf2_sha256
+from os import urandom
+from hashlib import scrypt
 
 
 class PasswordHasher:
     @staticmethod
     def hash(password):
-        return pbkdf2_sha256.hash(password)
+        salt = urandom(32)
+        return PasswordHasher.scrypt(password, salt).hex()+salt.hex()
 
     @staticmethod
     def verify(password, hashdigest):
-        return pbkdf2_sha256.verify(password, hashdigest)
+        salt = bytes.fromhex(hashdigest[64:])
+        hashdigest = bytes.fromhex(hashdigest[:64])
+        return PasswordHasher.scrypt(password, salt) == hashdigest
+
+    @staticmethod
+    def scrypt(password, salt):
+        return scrypt(password.encode(), salt=salt, n=16384, r=8, p=1, dklen=32)