[Cryptography-dev] High-level password hashing module for cryptography?
Frank Siebenlist
frank.siebenlist at gmail.com
Tue Jun 21 00:59:02 EDT 2016
passlib looks like a very comprehensive library for password(-hash) management.
However, a number of warts were discussed in this issue:
https://github.com/pyca/cryptography/issues/1149
Some nuggets from that discussion: passlib relies on m2crypto for
openssl support (m2crypto has its own warts), no external backend
support for python 3, and the observation that the best solution may
be cryptography becoming a configurable backend for passlib. What
worries me also is that I do not see a lot of active development
lately on passlib.
In the mean time, I see that the latest versions of both python 2&3
have support for pbkdf2 that also seems to rely on openssl.
How does that compare to pyca/cryptography's?
My plan was to find a good, well vetted, as fast as possible pbkdf2
implementation, and migrate to argon2 once its implementation is
ready. I do recognize that just those implementations are not enough,
and that support for migration to different algos and work-factors are
very important.
Too many imperfect solutions... it's like real life ;-)
Could use some more advise or suggestions...
Thanks, Frank.
On Wed, Jun 15, 2016 at 11:12 AM, Frank Siebenlist
<frank.siebenlist at gmail.com> wrote:
> Hi Daniel - Thanks for the pointer! - Didn't know about this passlib
> effort and it looks very comprehensive - I'll take a closer look -
> Regards, Frank.
>
> On Wed, Jun 15, 2016 at 9:09 AM, Daniel Neuhäuser
> <ich at danielneuhaeuser.de> wrote:
>> You should take a look at Passlib[1]. It provides support for all algorithms worth recommending (except argon2, though that will probably change in the future). It has a high level API, so you don’t have to know about the details of the algorithm. It can also perform upgrades to new algorithms or different configurations during verification.
>>
>> [1]: https://pythonhosted.org/passlib/
>> _______________________________________________
>> Cryptography-dev mailing list
>> Cryptography-dev at python.org
>> https://mail.python.org/mailman/listinfo/cryptography-dev
More information about the Cryptography-dev
mailing list