我想知道从网络表单传输密码并将其存储在数据存储中的最新技术是什么.

I'm wondering what is the state-of-the-art of transmitting passwords from a web form and storing them in the data store.

最近很多帖子都指向 bcrypt，但是，没有纯 Python 实现，这是 App Engine 的要求.

A lot of recent posts point to bcrypt, however, there are no pure Python implementations, which is a requirement for App Engine.

有什么建议吗?

推荐答案

最佳实践?将用户 API 与 Google 帐户或 OpenID 一起使用，因此您一开始就不会存储或传输密码.

Best practice? Use the Users API with either Google Accounts or OpenID, so you're not storing or transmitting passwords in the first place.

如果您必须自己做，请通过 SSL 传输登录数据，并存储经过哈希、加盐和 加强，使用PBKDF2等方案.

If you must do it yourself, transmit the login data over SSL, and store the password hashed, salted, and strengthened, using a scheme such as PBKDF2.