[Python-ideas] Add adaptive-load salt-mandatory hashing functions?

Christian Heimes lists at cheimes.de
Mon Jun 11 22:39:32 CEST 2012

On 11.06.2012 22:21, Guido van Rossum wrote:
> Is there any indication that Python was involved in last week's
> incidents? (I'm only aware of the LinkedIn one -- were there others?)

No, zero Pythons were harmed. The other victims were last.fm and
eHarmony. Surprisingly, Sony wasn't hacked last week! *scnr*

> Do you really think that including some API in the stdlib is going to
> make a difference in education? And what would we do if in 2 years
> time the stdlib's "basic functionality" were somehow compromised (not
> due to a bug in Python's implementation but simply through some
> advance in the crypto world) -- how would we get everyone who relied
> on the stdlib to switch to a different algorithm? I really think that
> the right approach here is to get *everyone* who needs this to use a
> 3rd party library. Diversity is very good here!


I'm against adding just the password hashing algorithms. Developers can
easily screw up the right algorithm with an erroneous approach. It's the
beauty of passlib: The framework hides all the complex and
easy-to-get-wrong stuff behind a minimal API.
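
An added illustration of the point above, not part of the original post and not passlib's code: a minimal hash/verify API on top of the standard library's `hashlib.pbkdf2_hmac`, in which salt generation, the work factor and constant-time comparison are hidden from the caller. The function names, the record format and the round count are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import os

# Assumed policy values for this sketch; not taken from the thread or from passlib.
SCHEME = "pbkdf2-sha256"
ROUNDS = 600_000
SALT_BYTES = 16


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _derive(password: str, salt: bytes, rounds: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def hash_password(password: str, rounds: int = ROUNDS) -> str:
    """Return a self-describing record: $scheme$rounds$salt$digest."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per call, never caller-supplied
    digest = _derive(password, salt, rounds)
    return "${}${}${}${}".format(SCHEME, rounds, _b64(salt), _b64(digest))


def verify_password(password: str, record: str) -> bool:
    """Check a password against a stored record; malformed records never verify."""
    try:
        _, scheme, rounds, salt, digest = record.split("$")
        if scheme != SCHEME:
            return False
        expected = base64.b64decode(digest, validate=True)
        actual = _derive(password, base64.b64decode(salt, validate=True), int(rounds))
    except (ValueError, OverflowError):
        return False
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def needs_rehash(record: str) -> bool:
    """True when a record uses another scheme or fewer rounds than current policy."""
    parts = record.split("$")
    if len(parts) != 5 or parts[1] != SCHEME or not parts[2].isdigit():
        return True
    return int(parts[2]) < ROUNDS
```

Because the scheme and round count travel inside each stored record, `needs_rehash` lets an application upgrade records at the next successful login when the policy changes.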

