[Python-Dev] Right place for PBKDF2 wrapper

Georg Brandl g.brandl at gmx.net
Sat Oct 12 20:06:45 CEST 2013


On 12.10.2013 19:37, Antoine Pitrou wrote:
> On Sat, 12 Oct 2013 19:19:44 +0200
> Christian Heimes <christian at python.org> wrote:
>> Hi,
>> 
>> I have written an interface to OpenSSL's PKCS5_PBKDF2_HMAC() function. It
>> implements PKCS#5's password based key derivation function 2 with HMAC
>> as pseudo-random function. It supports any digest that is supported by
>> OpenSSL, e.g. SHA-1, SHA-256 and SHA-512. It's a low level interface that
>> takes the digest as unicode name, password and salt as bytes/buffer,
>> keylen and rounds as int.
>> 
>> I'd like to add the feature to Python 3.4. Now I'm looking for a good
>> place to put it and some high level functions. In the future I'd like to
>> add scrypt and bcrypt key stretching and key derivation functions, too.
>> What's a good place for them??
>> 
>> * add a new ``kdf`` module (key derivation function)
>> * add PBKDF2 to ``hashlib``
>> * make ``hashlib`` a package and add PBKDF2 to a new ``hashlib.kdf`` module
>> * make ``hashlib`` a package and add PBKDF2 to a new ``hashlib.pbkdf2``
>> module
>> * make ``crypt`` work under Windows and add PBKDF2 to it
> 
> Putting it in "hashlib" sounds fine. There's no reason to create a
> myriad of small separate modules.

Maybe it's a good idea to expose HMAC through hashlib as well, and deprecate
the standalone module at some point?

Georg
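
Added example, not part of the original thread or of the patch under discussion: PBKDF2 with HMAC as the pseudo-random function, written out per PKCS#5 in pure Python and taking the inputs the quoted message lists (digest name, password and salt as bytes, key length, rounds). The names `pbkdf2_hmac_ref` and `verify_password` are assumptions for illustration; the cross-check uses `hashlib.pbkdf2_hmac`, the function that shipped in Python 3.4.

```python
import hashlib
import hmac
import struct


def pbkdf2_hmac_ref(digest_name, password, salt, rounds, keylen):
    """Reference PBKDF2 (PKCS#5 v2.0) using HMAC-<digest_name> as the PRF."""
    if rounds < 1 or keylen < 1:
        raise ValueError("rounds and keylen must be positive")
    # Key the HMAC once with the password; copy() reuses the keyed state.
    prf = hmac.new(password, None, digest_name)
    hlen = prf.digest_size
    blocks = -(-keylen // hlen)  # ceil(keylen / hlen)
    derived = bytearray()
    for index in range(1, blocks + 1):
        # U_1 = PRF(password, salt || INT_32_BE(index))
        mac = prf.copy()
        mac.update(salt + struct.pack(">I", index))
        u = mac.digest()
        block = int.from_bytes(u, "big")
        # U_j = PRF(password, U_{j-1}); the block is the XOR of all U_j.
        for _ in range(rounds - 1):
            mac = prf.copy()
            mac.update(u)
            u = mac.digest()
            block ^= int.from_bytes(u, "big")
        derived += block.to_bytes(hlen, "big")
    # Truncate the last block so exactly keylen bytes are returned.
    return bytes(derived[:keylen])


def verify_password(candidate, salt, rounds, expected_key, digest_name="sha256"):
    """Re-derive the key and compare in constant time (hypothetical helper)."""
    key = pbkdf2_hmac_ref(digest_name, candidate, salt, rounds, len(expected_key))
    return hmac.compare_digest(key, expected_key)


if __name__ == "__main__":
    # Constructed sample values; a real salt would come from os.urandom(16).
    salt = b"constructed-salt"
    key = pbkdf2_hmac_ref("sha256", b"correct horse", salt, 1000, 48)
    # 48 bytes from SHA-256 needs two blocks, so this checks the block counter too.
    assert key == hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 1000, 48)
    print(verify_password(b"correct horse", salt, 1000, key))
    print(verify_password(b"wrong guess", salt, 1000, key))
```
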


