﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
16336	Weak salts for auth backend	ninjaneo	nobody	"salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5]

Does not provide enough entropy, as it's solely numeric, and always begins with: '0.'
That means it only increases complexity by 3 numbers. 10*10*10 = 1000 possibilities.
Noticed there is also no iterative hashing performed (rounds), which is a crucial part of salting.

Perhaps use os.urandom?"	Uncategorized	closed	contrib.auth	1.3	Normal	duplicate			Unreviewed	0	0	0	0	0	0
