[Python-ideas] Add adaptive-load salt-mandatory hashing functions?
lists at cheimes.de
Mon Jun 11 15:41:18 CEST 2012
Am 11.06.2012 12:03, schrieb Nick Coghlan:
> Thanks for the link Christian, it does appear this particular wheel
> has already been thoroughly invented. I'll be recommending passlib for
> use by others in the future and look into adopting it for my own
You are welcome! I'm using passlib for about two years and really like
its API. PyPI surprises now and then with its hidden gems. I wished we
had a way to draw more attention to good solutions, something like
"official endorsed projects" or so.
> However, password hashing is an important and common enough problem
> that it would be good to have some basic level of support in the
> standard library, with a clear migration path to a more feature
> complete approach like passlib.
> It would be good if someone was willing to do the work of raising this
> discussion with the passlib authors, and looking to see if a suitably
> stable core could be extracted that is API compatible with passlib,
> and could be proposed as a standard library addition for 3.4.
That's a nice idea, Nick! I've added one of the two core developers of
passlib to the CC list. The other one doesn't have his/her email address
exposed on Google Code.
A stripped down and API compatible version of passlib would make a good
addition for Python's standard library. IMHO the complete passlib
package is too big for the core. The context API and handlers for
bcrypt, pbkdf2 and sha*_crypt are sufficient. Developers can still
install passlib if they need all features.
We need to come up with a different name (passhash ?) for the stdlib
More information about the Python-ideas