== Why is this an issue?

include::../description.adoc[]

include::../recommended.adoc[]

=== Noncompliant code example

hashlib

[source,python]
----
import crypt
from hashlib import pbkdf2_hmac

hash = pbkdf2_hmac('sha256', password, b'D8VxSmTZt2E2YV454mkqAY5e', 100000)    # Noncompliant: salt is hardcoded
----

crypt

[source,python]
----
hash = crypt.crypt(password)         # Noncompliant: salt is not provided
----

=== Compliant solution

hashlib

[source,python]
----
import crypt
from hashlib import pbkdf2_hmac

salt = os.urandom(32)
hash = pbkdf2_hmac('sha256', password, salt, 100000)    # Compliant
----

crypt

[source,python]
----
salt = crypt.mksalt(crypt.METHOD_SHA256)
hash = crypt.crypt(password, salt)         # Compliant
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]