[Python-ideas] Add adaptive-load salt-mandatory hashing functions?

Masklinn masklinn at masklinn.net
Sun Jun 10 20:35:35 CEST 2012

On 2012-06-10, at 20:24 , Simon Sapin wrote:

> Le 10/06/2012 20:11, Masklinn a écrit :
>> [...] when there's no code yet
>> I'll try to get something done first
> There is code, with tests. Here is the link I posted earlier in this thread:
> https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py

Yes, I've seen it, but

1. I'll need to talk to Armin about using that code (which is why I CC'd
   him to the list when I responded to Nick's response to your comment),
   or have him do it, I don't think anybody is going to take his code
   without even asking for consent and try to push it into the stdlib

2. The interface is simple, but painful. Just look at the comment at the top:

        3.  Store ``algorithm$salt:costfactor$hash`` in the database so that
        you can upgrade later easily to a different algorithm if you need
        one.  For instance ``PBKDF2-256$thesalt:10000$deadbeef...``.

   if we know what's supposed to be done, how about just doing it and
   returning *that*? If it goes into the stdlib, I'd like to have
   something non-cryptographers can use easily, correctly and without
   making mistakes. Then there's the issue of implementing the equality
   test, extracting stuff from that storage string on subsequent auths to
   test for matches. It should be possible to do all that in a single
   user-facing operations, no munging about in user's code.

3. The test suite needs to be converted to the stdlib's format

4. The documentation needs to be written

More information about the Python-ideas mailing list