[Python-ideas] Add adaptive-load salt-mandatory hashing functions?
Nick Coghlan
ncoghlan at gmail.com
Sun Jun 10 18:11:04 CEST 2012
On Mon, Jun 11, 2012 at 1:52 AM, Masklinn <masklinn at masklinn.net> wrote:
> On 2012-06-10, at 17:28 , Nick Coghlan wrote:
>> 1. Create an issue on bugs.python.org proposing just the binary
>> version of pbkdf2 as an enhancement to hmac
>
> Although it makes sense from a dependency POV, I'm not sure it's the
> best place to put it as people in need of knowing about PBKDF2 would
> be more likely to be browsing hashlib, and — more importantly — PBKDF2
> isn't a MAC, the usage of hmac underlying it being mostly incidental.
>
> If PBKDF2 alone is added, I think putting it in its own module
> (parallel to hmac) would be cleaner, *that* can be deprecated if
> more cryptographic hashes of that style (e.g. bcrypt, scrypt) are
> added later on in the style of md5 -> hashlib.
Yeah, you're probably right. Either a new module, or else in "getpass"
(either way, with a cross-reference from hashlib).
Wherever it ends up, it should also reference hmac.secure_compare for
a comparison function that doesn't allowing timing attacks to
progressively discover the expected hash.
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-ideas
mailing list