[New-bugs-announce] [issue31702] Allow to specify the number of rounds for SHA-* hashing in crypt
Serhiy Storchaka
report at bugs.python.org
Thu Oct 5 08:32:52 EDT 2017
New submission from Serhiy Storchaka <storchaka+cpython at gmail.com>:
Blowfish salt should contain the binary logarithm of the number of rounds (from 4 to 31) (see issue31664). SHA-* salt can contain an explicit number of rounds in the form '$rounds={value}$'. It is bound to the range from 1000 to 999999999, the default is 5000.
I propose to allow to specify the number of rounds in generated salt for SHA-* methods as well as for Blowfish. For unifying interface we can specify the number of rounds instead of its logarithm for Blowfish, and calculate the logarithm internally.
The question is what to do with the value that is not a power of two for Blowfish. Should we raise an error or silently replace it with the upper power of two?
----------
components: Library (Lib)
messages: 303760
nosy: christian.heimes, dstufft, gregory.p.smith, jafo, serhiy.storchaka
priority: normal
severity: normal
status: open
title: Allow to specify the number of rounds for SHA-* hashing in crypt
type: enhancement
versions: Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue31702>
_______________________________________
More information about the New-bugs-announce
mailing list