Hi,

I forgot to emphasize that each user should generate their own salt value by

    $ python
    >>> bcrypt.gensalt(16)
    '$2a$16$MS6A6ZrsJ30ZdqHVCMWMm.'

and put it into the bcrypt call of bcryptedpw.py

    p = bcrypt.hashpw(userpw, '$2a$16$MS6A6ZrsJ30ZdqHVCMWMm.')[-31:]

If many users used the same salt, then it would be rewarding for the attacker to memorize the bcrypted failed tries and to re-use them very quickly for attacking the next user.

Have a nice day :)
Thomas
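
The following is an added example, not part of the message above or of bcryptedpw.py. It audits a set of configured bcrypt salt strings for reuse, including the salt printed in the message, and counts how many slow hashes are needed to try a guess list against every user. The function names and the sample configuration are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Salt printed in the message; anyone who pastes it unchanged shares it with every other reader.
PUBLISHED_SALT = "$2a$16$MS6A6ZrsJ30ZdqHVCMWMm."
# bcrypt salt string: version prefix, two-digit cost, 22 chars of the bcrypt base64 alphabet.
SALT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$([./A-Za-z0-9]{22})$")

def parse_salt(s):
    """Return (cost, raw_salt) for a bcrypt salt string, or None if malformed."""
    m = SALT_RE.match(s)
    if not m:
        return None
    cost = int(m.group(1))
    return (cost, m.group(2)) if 4 <= cost <= 31 else None

def audit_salts(configured):
    """configured: {user: salt string}. Returns {user: [problems]} for flagged users only."""
    by_salt = defaultdict(list)
    problems = defaultdict(list)
    for user, s in configured.items():
        parsed = parse_salt(s)
        if parsed is None:
            problems[user].append("malformed salt")
            continue
        if s == PUBLISHED_SALT:
            problems[user].append("salt copied from the post")
        by_salt[parsed].append(user)
    for users in by_salt.values():
        for u in users if len(users) > 1 else []:
            others = ", ".join(sorted(x for x in users if x != u))
            problems[u].append("salt shared with " + others)
    return dict(problems)

def slow_hashes_to_cover(configured, guesses):
    """bcrypt evaluations needed to try `guesses` candidates against every user.
    A computed result is reusable only between users with the same salt and cost."""
    distinct = {parse_salt(s) for s in configured.values()} - {None}
    return guesses * len(distinct)

# Constructed sample configuration (hypothetical users; only PUBLISHED_SALT is from the message).
SAMPLE = {
    "alice": PUBLISHED_SALT,
    "bob": PUBLISHED_SALT,
    "carol": "$2a$16$abcdefghijklmnopqrstuu",
    "dave": "$2a$16$tooshort",
}
```

With the sample configuration, alice and bob cost an attacker the work of one user, which is the reuse the message describes.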