colin-d-fried · colin-d-fried · Mar 26, 2026 · cursor · Mar 26, 2026 · devin-ai-integration
diff --git a/vulnerable_weak_crypto.py b/vulnerable_weak_crypto.py
@@ -37,7 +37,7 @@
         return MD5.new(password.encode()).hexdigest()
 
 def verify_password(input_password, stored_hash):
-    input_hash = hashlib.md5(input_password.encode()).hexdigest()
+    input_hash = hashlib.sha256(input_password.encode()).hexdigest()
@@ -36,8 +36,13 @@
    def hash(self, password):
        return MD5.new(password.encode()).hexdigest()
-def verify_password(input_password, stored_hash):
-    input_hash = hashlib.sha256(input_password.encode()).hexdigest()
+def hash_password_pbkdf2(password: str, salt: bytes, iterations: int = 100_000) -> str:
+    # Derive a password hash using PBKDF2-HMAC-SHA256.
+    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
+    return dk.hex()
+
+def verify_password(input_password, stored_hash, salt, iterations: int = 100_000):
+    input_hash = hash_password_pbkdf2(input_password, salt, iterations)
    return input_hash == stored_hash
 def encrypt_sensitive_data(data):
@@ -36,8 +36,13 @@
    def hash(self, password):
        return MD5.new(password.encode()).hexdigest()

-def verify_password(input_password, stored_hash):
-    input_hash = hashlib.sha256(input_password.encode()).hexdigest()
+def hash_password_pbkdf2(password: str, salt: bytes, iterations: int = 100_000) -> str:
+    # Derive a password hash using PBKDF2-HMAC-SHA256.
+    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
+    return dk.hex()
+
+def verify_password(input_password, stored_hash, salt, iterations: int = 100_000):
+    input_hash = hash_password_pbkdf2(input_password, salt, iterations)
    return input_hash == stored_hash

 def encrypt_sensitive_data(data):
     return input_hash == stored_hash
 
 def encrypt_sensitive_data(data):