[Python-ideas] Add adaptive-load salt-mandatory hashing functions?
Christian Heimes
lists at cheimes.de
Mon Jun 11 15:41:18 CEST 2012
Am 11.06.2012 12:03, schrieb Nick Coghlan:
> Thanks for the link Christian, it does appear this particular wheel
> has already been thoroughly invented. I'll be recommending passlib for
> use by others in the future and look into adopting it for my own
> projects.
You are welcome! I'm using passlib for about two years and really like
its API. PyPI surprises now and then with its hidden gems. I wished we
had a way to draw more attention to good solutions, something like
"official endorsed projects" or so.
> However, password hashing is an important and common enough problem
> that it would be good to have some basic level of support in the
> standard library, with a clear migration path to a more feature
> complete approach like passlib.
>
> It would be good if someone was willing to do the work of raising this
> discussion with the passlib authors, and looking to see if a suitably
> stable core could be extracted that is API compatible with passlib,
> and could be proposed as a standard library addition for 3.4.
That's a nice idea, Nick! I've added one of the two core developers of
passlib to the CC list. The other one doesn't have his/her email address
exposed on Google Code.
A stripped down and API compatible version of passlib would make a good
addition for Python's standard library. IMHO the complete passlib
package is too big for the core. The context API and handlers for
bcrypt, pbkdf2 and sha*_crypt are sufficient. Developers can still
install passlib if they need all features.
We need to come up with a different name (passhash ?) for the stdlib
variant.
Christian
More information about the Python-ideas
mailing list