[Python-ideas] Add adaptive-load salt-mandatory hashing functions?
Masklinn
masklinn at masklinn.net
Sun Jun 10 20:35:35 CEST 2012
On 2012-06-10, at 20:24 , Simon Sapin wrote:
> On 10/06/2012 20:11, Masklinn wrote:
>> [...] when there's no code yet
>> I'll try to get something done first
>
> There is code, with tests. Here is the link I posted earlier in this thread:
>
> https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py
Yes, I've seen it, but

1. I'll need to talk to Armin about using that code (which is why I CC'd
   him to the list when I responded to Nick's response to your comment),
   or have him do it, I don't think anybody is going to take his code
   without even asking for consent and try to push it into the stdlib
2. The interface is simple, but painful. Just look at the comment at the top:

       3. Store ``algorithm$salt:costfactor$hash`` in the database so that
          you can upgrade later easily to a different algorithm if you need
          one. For instance ``PBKDF2-256$thesalt:10000$deadbeef...``.

   if we know what's supposed to be done, how about just doing it and
   returning *that*? If it goes into the stdlib, I'd like to have
   something non-cryptographers can use easily, correctly and without
   making mistakes. Then there's the issue of implementing the equality
   test, extracting stuff from that storage string on subsequent auths to
   test for matches. It should be possible to do all that in a single
   user-facing operation, no munging about in user's code.
3. The test suite needs to be converted to the stdlib's format
4. The documentation needs to be written
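
The single-call interface asked for in point 2, sketched as an added example that is not part of the original message or of python-pbkdf2: one function returns the whole ``algorithm$salt:costfactor$hash`` string, another parses it and does the constant-time comparison. The names `hash_password`, `verify_password` and `needs_upgrade`, the hex-encoded salt, and the mapping of the `PBKDF2-256` label to HMAC-SHA256 are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

# Storage label -> hashlib digest name. Mapping "PBKDF2-256" to HMAC-SHA256
# is an assumption of this example.
ALGORITHMS = {"PBKDF2-256": "sha256"}
DEFAULT_ALGORITHM = "PBKDF2-256"
DEFAULT_COST = 10000  # iteration count taken from the quoted example string


def _derive(algorithm, password, salt, cost, length=None):
    return hashlib.pbkdf2_hmac(ALGORITHMS[algorithm], password.encode("utf-8"),
                               salt.encode("utf-8"), cost, length)


def _parse(stored):
    """Split 'algorithm$salt:costfactor$hash'; return None if malformed."""
    try:
        algorithm, salt_cost, digest_hex = stored.split("$")
        salt, cost_text = salt_cost.rsplit(":", 1)
        cost, digest = int(cost_text), bytes.fromhex(digest_hex)
    except ValueError:
        return None
    if algorithm not in ALGORITHMS or cost < 1 or not digest:
        return None
    return algorithm, salt, cost, digest


def hash_password(password, cost=DEFAULT_COST, algorithm=DEFAULT_ALGORITHM):
    """Return the full storage string, generated with a fresh random salt."""
    salt = secrets.token_hex(16)  # hex, so it never contains '$' or ':'
    digest = _derive(algorithm, password, salt, cost)
    return "%s$%s:%d$%s" % (algorithm, salt, cost, digest.hex())


def verify_password(password, stored):
    """True only if password matches; malformed stored strings give False."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    algorithm, salt, cost, expected = parsed
    actual = _derive(algorithm, password, salt, cost, len(expected))
    return hmac.compare_digest(actual, expected)  # constant-time equality


def needs_upgrade(stored, cost=DEFAULT_COST, algorithm=DEFAULT_ALGORITHM):
    """True if stored should be re-hashed at the next successful login."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] != algorithm or parsed[2] < cost
```

Because the algorithm label and cost travel inside the stored string, a caller can raise `DEFAULT_COST` later and re-hash on the next successful login whenever `needs_upgrade` returns true.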