Code Room
Code review · Medium · cr-g032
Subject: Crypto misuse · Level: Mid–Senior · ~20 min · Common in Security · Algorithms & data structures interviews · Industries: Software development

Question

Review this Python user-auth code.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review

```python
import hashlib, hmac, os

SALT = os.environ['PW_SALT']  # one global salt

def hash_pw(password: str) -> str:
    return hashlib.sha256((SALT + password).encode()).hexdigest()

def check_pw(password: str, stored: str) -> bool:
    return hash_pw(password) == stored
```