[Python-ideas] Strong password hashing algorithms in the standard library

Terry Chia terrycwk1994 at gmail.com
Wed Jan 8 12:42:23 CET 2014


That's great!

Are there any plans to also include algorithms like bcrypt and scrypt given
that they are stronger than pbkdf2 for GPU/FPGA-using attackers?

Also, can the same warning be placed on older documentation like the 2.7
one, given the large number of people still using 2.7?


On Wed, Jan 8, 2014 at 7:30 PM, Ronald Oussoren <ronaldoussoren at mac.com> wrote:

>
>
> On Jan 08, 2014, at 11:17 AM, Terry Chia <terrycwk1994 at gmail.com> wrote:
>
> Hi all,
>
> I would like to propose that a new library for strong password hashing
> algorithms[1] be included in the standard library. The proposed library
> should have implementations of one or more strong password hashes like
> pbkdf2, bcrypt or scrypt.
>
> There already exist third party libraries like passlib[2] that accomplish
> the same thing but I feel that inclusion of the algorithms in the standard
> library would do a lot to help people that are not as security-aware to do
> the right thing when it comes to password storage.
>
> Alternatively, if the idea of adding the algorithms into the standard
> library does not have much support, I would like to see a warning added to
> the hashlib[3] documentation discouraging its use for password hashing.
>
>
> Python 3.4 will include hashlib.pbkdf2_hmac, see
> <http://docs.python.org/3.4/library/hashlib.html#key-derivation-function>.
> That documentation also warns about using a plain hash function for
> creating password hashes.
>
> Ronald
>
>
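
Added example (not part of the original thread and not code from the Python documentation): one way to store and verify passwords with the `hashlib.pbkdf2_hmac` function mentioned above, including a check for records that should be re-hashed at a higher work factor. The `$`-separated record layout, the function names and the iteration constants are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

ALGORITHM = "sha256"
ITERATIONS = 600_000         # assumed work factor; tune for your hardware
MAX_ITERATIONS = 10_000_000  # assumed cap so a corrupt record cannot stall a login


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<digest>' (assumed layout)."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    fields = ["pbkdf2_" + ALGORITHM, str(iterations),
              base64.b64encode(salt).decode("ascii"),
              base64.b64encode(digest).decode("ascii")]
    return "$".join(fields)


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count."""
    try:
        scheme, iter_text, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iter_text)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, bad integer, or bad base64
        return False
    if scheme != "pbkdf2_" + ALGORITHM or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    candidate = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, target: int = ITERATIONS) -> bool:
    """True when a record is malformed or below the current iteration target."""
    fields = stored.split("$")
    return len(fields) != 4 or not fields[1].isdecimal() or int(fields[1]) < target


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample input
    print(record)
    print(verify_password("correct horse battery staple", record))
```

Call `needs_rehash` after a successful `verify_password` and, when it returns true, replace the stored record with a fresh `hash_password` result while the plaintext is still available.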