[Python-ideas] Add adaptive-load salt-mandatory hashing functions?

Nick Coghlan ncoghlan at gmail.com
Sun Jun 10 17:28:20 CEST 2012


On Mon, Jun 11, 2012 at 12:17 AM, Simon Sapin <simon.sapin at kozea.fr> wrote:
> On 10/06/2012 15:05, Masklinn wrote:
>>
>> The standard library already provides for cryptographic hashes (hashlib)
>> and MACs (hmac).
>>
>> [snip]
>>
>>
>> Therefore, I would suggest either adding a new module (name tbd) or
>> adding new constructors to hashlib.
>
>
> PBKDF2 can be implemented in 15 lines of code based on the hmac and hashlib
> modules:
>
> https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py
>
> Although the code is short, it is easy to get wrong. So I think it would be
> nice to have in the stdlib, tested once and for all.
>
> Also, PBKDF2 is a well-defined spec that will not change (or it will be
> called PBKDF3 or something) which I think makes it a good fit for the
> stdlib.
>
> I would suggest to have Armin’s implementation (linked above) included
> as-is, but it’s probably too late for 3.3.

It's cutting it very fine relative to the beta feature freeze (which
is in a couple of weeks), but it could still make it in as a very
reasonable addition to the standard library.

The hmac module has already been enhanced with a "secure_compare"
function for 3.3 to perform string and byte sequence comparisons that
don't leak as much information about the expected result under timing
attacks (it still leaks the expected length, but beyond that the
running time of the comparison should be constant for a given digest
length).

Since the PBKDF2 key derivation requires hmac, and hmac depends on
hashlib (to provide the default hash algorithm for hmac.HMAC), I
believe the best way to expedite this would be to:

1. Create an issue on bugs.python.org proposing just the binary
version of pbkdf2 as an enhancement to hmac
2. Attach a patch that updates Lib/hmac.py, Lib/test/test_hmac.py and
Doc/library/hmac.rst accordingly (this will likely require changes to
work with bytes rather than 2.x strings)
3. Adds a "min_salt_len" parameter to discourage short salt values
(rather than the "weak_salt" boolean flag suggested by Masklinn)
4. Post to python-dev proposing the addition of that function for Python 3

Having needed a key derivation function myself not that long ago, and
with the recent high profile password database breaches Masklinn
noted, this seems like a very reasonable addition to me.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
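
The function proposed in the message above, as an added example that is not part of the original e-mail or of the linked implementation: a bytes-only PBKDF2 built on hmac and hashlib with the suggested "min_salt_len" guard. The function names, the 16-byte default and the use of hmac.compare_digest for verification are assumptions of this example.

```python
import hashlib
import hmac
import struct


def pbkdf2_bin(password: bytes, salt: bytes, iterations: int, dklen: int,
               hash_name: str = "sha256", min_salt_len: int = 16) -> bytes:
    """PBKDF2 (RFC 2898) derived key, using only hmac and hashlib."""
    # min_salt_len is the guard proposed in the message; 16 is an assumed default.
    if len(salt) < min_salt_len:
        raise ValueError("salt shorter than min_salt_len (%d bytes)" % min_salt_len)
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")

    # Key the HMAC once; each PRF call starts from a copy of this state.
    prf = hmac.new(password, digestmod=hash_name)
    derived = b""
    block_index = 1
    while len(derived) < dklen:
        # U_1 = PRF(password, salt || INT_32_BE(block_index))
        mac = prf.copy()
        mac.update(salt + struct.pack(">I", block_index))
        u = mac.digest()
        t = int.from_bytes(u, "big")
        # U_n = PRF(password, U_{n-1}); the block is the XOR of all U values.
        for _ in range(iterations - 1):
            mac = prf.copy()
            mac.update(u)
            u = mac.digest()
            t ^= int.from_bytes(u, "big")
        derived += t.to_bytes(len(u), "big")
        block_index += 1
    return derived[:dklen]


def verify_password(candidate: bytes, salt: bytes, iterations: int,
                    expected: bytes) -> bool:
    """Re-derive the key and compare it without an early-exit comparison."""
    actual = pbkdf2_bin(candidate, salt, iterations, len(expected))
    return hmac.compare_digest(actual, expected)
```

Output can be cross-checked against hashlib.pbkdf2_hmac, which later Python versions ship in the standard library.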


