Flask framework, ~20 mins

Password storage best practices in Flask - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Why use salted hashes for passwords?

In Flask applications, why is it important to store passwords as salted hashes instead of plain hashes?

A. Salting passwords automatically encrypts the password with a secret key.
B. Salting passwords makes the hash shorter and easier to store in the database.
C. Salting passwords allows the server to decrypt the password when needed.
D. Salting passwords prevents attackers from using precomputed tables to reverse hashes easily.
💡 Hint

Think about how attackers try to guess passwords using pre-made lists.

component_behavior
intermediate
Flask password hashing with werkzeug.security

What will be the output of this Flask code snippet when checking a password?

from werkzeug.security import generate_password_hash, check_password_hash

hashed = generate_password_hash('mypassword')
result = check_password_hash(hashed, 'wrongpassword')
print(result)

A. Raises TypeError
B. True
C. False
D. None
💡 Hint

Check what happens when the password does not match the hash.

📝 Syntax
advanced
Identify the correct way to hash a password in Flask

Which code snippet correctly hashes a password using werkzeug.security in Flask?

A. hashed = generate_password_hash(password, salt='randomsalt')
B. hashed = generate_password_hash(password, method='pbkdf2:sha256')
C. hashed = generate_password_hash(password, method='sha256')
D. hashed = generate_password_hash(password, rounds=1000)
💡 Hint

Look for the recommended secure hashing method in werkzeug.

🔧 Debug
advanced
Why does this password check always fail?

Consider this Flask code snippet:

from werkzeug.security import generate_password_hash, check_password_hash

hashed = generate_password_hash('secret')
if check_password_hash('secret', 'secret'):
    print('Access granted')
else:
    print('Access denied')

Why does it always print 'Access denied'?

A. The first argument to check_password_hash should be the hashed password, not the plain password.
B. The password string 'secret' is too short to be hashed correctly.
C. The generate_password_hash function does not return a valid hash.
D. The check_password_hash function requires a salt argument.
💡 Hint

Check the order and meaning of arguments in check_password_hash.

state_output
expert
Password hash uniqueness with same input

Given this Flask code:

from werkzeug.security import generate_password_hash

hash1 = generate_password_hash('mypassword')
hash2 = generate_password_hash('mypassword')
print(hash1 == hash2)

What will be printed and why?

A. False, because each hash includes a unique salt making hashes different even for the same password.
B. None, because the hashes are not comparable strings.
C. Raises TypeError because generate_password_hash cannot be called twice with the same input.
D. True, because hashing the same password always produces the same hash.
💡 Hint

Think about how salting affects the output of hashing.