Sounds reasonable to me. As long as introducing the per user maxlength doesn't introduce too many other headaches. FWIW I would also suggest the move towards using passlibs CryptContext instead of embedding the algorithm etc in the code.
Sounds reasonable to me. As long as introducing the per user maxlength doesn't introduce too many other headaches.
FWIW I would also suggest the move towards using passlibs CryptContext instead of embedding the algorithm etc in the code.