[Python-ideas] Add adaptive-load salt-mandatory hashing functions?

Christian Heimes lists at cheimes.de
Thu Jun 14 00:33:51 CEST 2012


On 13.06.2012 22:38, Barry Warsaw wrote:
> I'd love to have a PBKDF2 implementation in the stdlib.  My flufl.password
> module has an implementation donated by security expert Bob Fleck.  Any
> insecure implementation bugs are solely blamed on me though. ;)
> 
> http://bazaar.launchpad.net/~barry/flufl.password/trunk/view/head:/flufl/password/schemes.py#L171
> 
> The API is a little odd because it fits into the larger API for
> flufl.password, but if it's useful, I'd happily clean up and donate the code
> for the stdlib.  OTOH, I'd be just as happy (maybe more) to get rid of it in
> favor of a stdlib implementation.

At first glance your implementation is vulnerable to side channel
attacks because you aren't using a constant time equality function. Also
you are using the least secure variant of PBKDF2 (SHA-1 instead of
SHA-256 or SHA-512). At least you are using os.urandom() as source for
the salt, which is usually fine.

Passlib supports the LDAP variants, too. [1] Outside of LDAP the
established notation is $pbkdf2-digest$rounds$salt$checksum.

Christian

[1]
http://packages.python.org/passlib/lib/passlib.hash.ldap_pbkdf2_digest.html
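
Added example, not part of the original message and not code from flufl.password or Passlib: a sketch of the points raised above (PBKDF2 with SHA-256 instead of SHA-1, an os.urandom() salt, a constant-time comparison, and the $pbkdf2-digest$rounds$salt$checksum layout), using hashlib.pbkdf2_hmac and hmac.compare_digest from current Python. The round counts, salt length, function names and the base64 variant ('.' in place of '+', no padding) are assumptions of this example; interoperability with Passlib is not claimed.

```python
import base64
import hashlib
import hmac
import os

DIGEST = "sha256"       # SHA-256 rather than SHA-1
ROUNDS = 200_000        # assumption: constructed work factor, tune per deployment
MAX_ROUNDS = 5_000_000  # assumption: cap so a hostile stored hash cannot stall verification
SALT_BYTES = 16         # assumption: salt length


def _b64(data: bytes) -> str:
    # Assumed encoding: base64 with '.' for '+', padding stripped.
    return base64.b64encode(data, altchars=b"./").rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    padded = text + "=" * (-len(text) % 4)
    return base64.b64decode(padded.encode("ascii"), altchars=b"./", validate=True)


def hash_password(password: str, rounds: int = ROUNDS) -> str:
    """Return '$pbkdf2-sha256$rounds$salt$checksum' with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"), salt, rounds)
    return f"$pbkdf2-{DIGEST}${rounds}${_b64(salt)}${_b64(dk)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the checksum from the stored parameters and compare it."""
    try:
        empty, scheme, rounds_s, salt_s, checksum_s = stored.split("$")
        rounds = int(rounds_s)
        salt = _unb64(salt_s)
        expected = _unb64(checksum_s)
    except ValueError:
        return False  # wrong field count, bad number, or bad base64
    if empty or scheme != f"pbkdf2-{DIGEST}" or not 1 <= rounds <= MAX_ROUNDS:
        return False  # unknown or weaker scheme, or out-of-range work factor
    candidate = hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"), salt, rounds)
    # compare_digest takes time independent of where the first mismatch is;
    # '==' on bytes returns at the first differing byte.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print(record)
    print(verify_password("correct horse battery staple", record))
```
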




