DEV Community: Avash Karn The latest articles on DEV Community by Avash Karn (@avash_karn). https://dev.to/avash_karn https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3933233%2F56290230-cdb4-4f0e-9175-c3fe094af7d9.png DEV Community: Avash Karn https://dev.to/avash_karn en Building an E2EE Chat App in Flask - Part 2: Secure Password Storage Avash Karn Fri, 22 May 2026 09:26:50 +0000 https://dev.to/avash_karn/building-an-e2ee-chat-app-in-flask-part-2-secure-password-storage-3god https://dev.to/avash_karn/building-an-e2ee-chat-app-in-flask-part-2-secure-password-storage-3god <p>Hey everyone! Part 1 explained encryption. Now let's secure passwords.</p> <h2> The Problem: Plain Text Passwords </h2> <p>In my first version, I stored passwords like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">user</span> <span class="ow">and</span> <span class="n">user</span><span class="p">.</span><span class="n">password</span> <span class="o">==</span> <span class="n">p_word</span><span class="p">:</span> <span class="c1"># LOGIN </span></code></pre> </div> <p>This is TERRIBLE because:</p> <ul> <li>If database leaks, everyone's passwords exposed</li> <li>No hashing = no protection</li> <li>One breach = account takeover</li> </ul> <h2> The Solution: Werkzeug Password Hashing </h2> <p>Use werkzeug.security to hash passwords:</p> <h3> Registration: </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">werkzeug.security</span> <span class="kn">import</span> <span class="n">generate_password_hash</span> <span class="n">hashed_password</span> <span class="o">=</span> <span class="nf">generate_password_hash</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="n">user</span> <span class="o">=</span> <span class="nc">User</span><span class="p">(</span><span class="n">username</span><span class="o">=</span><span class="n">username</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="n">hashed_password</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="n">session</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="n">session</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <h3> Login: </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">werkzeug.security</span> <span class="kn">import</span> <span class="n">check_password_hash</span> <span class="n">user</span> <span class="o">=</span> <span class="n">User</span><span class="p">.</span><span class="n">query</span><span class="p">.</span><span class="nf">filter_by</span><span class="p">(</span><span class="n">username</span><span class="o">=</span><span class="n">username</span><span class="p">).</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="n">user</span> <span class="ow">and</span> <span class="nf">check_password_hash</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="n">password</span><span class="p">,</span> <span class="n">password</span><span class="p">):</span> <span class="n">session</span><span class="p">[</span><span class="sh">'</span><span class="s">logged_in</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="bp">True</span> <span class="c1"># USER LOGGED IN </span></code></pre> </div> <h2> Why This Works </h2> <ul> <li>Passwords are hashed (one-way)</li> <li>Hash can't be reversed</li> <li>Even if leaked, passwords stay safe</li> <li>Industry standard</li> <li>Built into Flask ecosystem</li> </ul> <h2> What I Learned </h2> <p>Passwords must NEVER be stored in plain text. Ever.</p> <h2> Part 3 Coming </h2> <p>File uploads and validation.</p> <p>Questions? Drop them below!</p> python security tutorial webdev Building an E2EE Chat App in Flask - Part 1: Why Encryption Matters Avash Karn Fri, 22 May 2026 07:33:47 +0000 https://dev.to/avash_karn/building-an-e2ee-chat-app-in-flask-part-1-why-encryption-matters-2lo4 https://dev.to/avash_karn/building-an-e2ee-chat-app-in-flask-part-1-why-encryption-matters-2lo4 <p>Hey everyone! I'm building an encrypted chat application in Flask and documenting the journey. Here's Part 1.<br> Why E2EE Matters<br> Most messaging apps claim to be secure, but they're not. Your messages sit on their servers where anyone with access can read them.</p> <p>End-to-End Encryption (E2EE) = only you and the recipient can read messages. The server can't see anything.</p> <p>Example:<br> WhatsApp uses E2EE. Facebook Messenger doesn't. Your choice matters.</p> <p>Why I Built This<br> I wanted to understand encryption by building it, not just reading about it. This project taught me way more than any tutorial.</p> <p>What's Next<br> Part 2: How to handle passwords safely without storing them in plain text.</p> <p>Questions? Drop them in comments!</p> privacy python security tutorial