[Python-ideas] Add adaptive-load salt-mandatory hashing functions?

Masklinn masklinn at masklinn.net
Sun Jun 10 17:52:44 CEST 2012


On 2012-06-10, at 17:28 , Nick Coghlan wrote:

> On Mon, Jun 11, 2012 at 12:17 AM, Simon Sapin <simon.sapin at kozea.fr> wrote:
>> Le 10/06/2012 15:05, Masklinn a écrit :
>>> 
>>> The standard library already provides for cryptographic hashes (hashlib)
>>> and MACs (hmac).
>>> 
>>> [snip]
>>> 
>>> 
>>> Therefore, I would suggest either adding a new module (name tbd) or
>>> adding new constructors to hashlib.
>> 
>> 
>> PBKDF2 can be implemented in 15 lines of code based on the hmac and hashlib
>> modules:
>> 
>> https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py
>> 
>> Although the code is short, it is easy to get wrong. So I think it would be
>> nice to have in the stdlib, tested once and for all.
>> 
>> Also, PBKDF2 is a well-defined spec that will not change (or it will be
>> called PBKDF3 or something) which I think makes it a good fit for the
>> stdlib.
>> 
>> I would suggest to have Armin’s implementation (linked above) included
>> as-is, but it’s probably too late for 3.3.
> 
> It's cutting it very fine relative to the beta feature freeze (which
> is in a couple of weeks), but it could still make it in as a very
> reasonable addition to the standard library.
> 
> The hmac module has already been enhanced with a "secure_compare"
> function for 3.3 to perform string and byte sequence comparisons that
> don't leak as much information about the expected result under timing
> attacks (it still leaks the expected length, but beyond that the
> running time of the comparison should be constant for a given digest
> length).
> 
> Since the PBKDF2 key derivation requires hmac, and hmac depends on
> hashlib (to provide the default hash algorithm for hmac.HMAC), I
> believe the best way to expedite this would be to:
> 
> 1. Create an issue on bugs.python.org proposing just the binary
> version of pbkdf2 as an enhancement to hmac

Although it makes sense from a dependency POV, I'm not sure it's the
best place to put it as people in need of knowing about PBKDF2 would
be more likely to be browsing hashlib, and — more importantly — PBKDF2
isn't a MAC, the usage of hmac underlying it being mostly incidental.

If PBKDF2 alone is added, I think putting it in its own module
(parallel to hmac) would be cleaner; *that* can be deprecated if
more cryptographic hashes of that style (e.g. bcrypt, scrypt) are
added later on in the style of md5 -> hashlib.

> 2. Attach a patch that updates Lib/hmac.py, Lib/test/test_hmac.py and
> Doc/library/hmac.rst accordingly (this will likely require changes to
> work with bytes rather than 2.x strings)
> 3. Adds a "min_salt_len" parameter to discourage short salt values
> (rather than the "weak_salt" boolean flag suggested by Masklinn)
> 4. Post to python-dev proposing the addition of that function for Python 3
> 
> Having needed a key derivation function myself not that long ago, and
> with the recent high profile password database breaches Masklinn
> noted, this seems like a very reasonable addition to me.
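Simon's point that PBKDF2 needs only hmac and hashlib, plus Nick's min_salt_len and timing-safe comparison suggestions, as an added example that is not code from the thread or from Armin's pbkdf2.py. It assumes Python 3.3+, where the comparison helper Nick mentions shipped as hmac.compare_digest; the min_salt_len default, iteration count and the "$"-separated storage format are constructed here.

```python
import hashlib
import hmac
import os
import struct

def pbkdf2(password: bytes, salt: bytes, iterations: int, dklen: int,
           digest: str = "sha256", min_salt_len: int = 16) -> bytes:
    """PBKDF2 (RFC 2898) built only on hmac and hashlib.

    min_salt_len is the constructed equivalent of the parameter proposed
    in the thread: short salts are rejected instead of merely flagged.
    """
    if len(salt) < min_salt_len:
        raise ValueError(f"salt must be at least {min_salt_len} bytes")
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    prf = hmac.new(password, None, digest)   # keyed once, copied per PRF call
    out = bytearray()
    block = 1
    while len(out) < dklen:
        m = prf.copy()
        m.update(salt + struct.pack(">I", block))  # U_1 = PRF(P, S || INT(i))
        u = m.digest()
        t = bytearray(u)
        for _ in range(iterations - 1):            # U_j = PRF(P, U_{j-1})
            m = prf.copy()
            m.update(u)
            u = m.digest()
            t = bytearray(a ^ b for a, b in zip(t, u))  # T_i = U_1 ^ ... ^ U_c
        out += t
        block += 1
    return bytes(out[:dklen])

ITERATIONS = 100_000  # constructed default; tune to your hardware

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$dk_hex (constructed format)."""
    salt = os.urandom(16)                     # fresh random salt per password
    dk = pbkdf2(password.encode(), salt, iterations, 32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = pbkdf2(password.encode(), bytes.fromhex(salt_hex), int(iters), len(dk_hex) // 2)
    # constant-time comparison, so a wrong guess does not leak how many leading bytes matched
    return hmac.compare_digest(dk.hex(), dk_hex)
```

The RFC 6070 vectors (password "password", salt "salt") check the derivation against a known answer; hashlib.pbkdf2_hmac, added in 3.4, gives the same bytes for the same inputs.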
