[Python-ideas] Strong password hashing algorithms in the standard library

Ronald Oussoren ronaldoussoren at mac.com
Wed Jan 8 12:30:12 CET 2014



On Jan 08, 2014, at 11:17 AM, Terry Chia <terrycwk1994 at gmail.com> wrote:

> Hi all,
>
> I would like to propose that a new library for strong password hashing algorithms[1]
> be included in the standard library. The proposed library should have implementations
> of one or more strong password hashes like pbkdf2, bcrypt or scrypt.
>
> There already exist third party libraries like passlib[2] that accomplish the same thing
> but I feel that inclusion of the algorithms in the standard library would do a lot to help
> people that are not as security-aware to do the right thing when it comes to password
> storage.
>
> Alternatively, if the idea of adding the algorithms into the standard library does not have
> much support, I would like to see a warning added to the hashlib[3] documentation
> discouraging its use for password hashing.
 
Python 3.4 will include hashlib.pbkdf2_hmac, see <http://docs.python.org/3.4/library/hashlib.html#key-derivation-function>. That documentation also warns about using a plain hash function for creating password hashes.

Ronald
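
Added example, not part of either message in this thread: a sketch of salted password storage and verification built on `hashlib.pbkdf2_hmac`, the function mentioned in the reply above. The record layout (`scheme$iterations$salt$key`), the iteration count and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"   # label stored with each record (constructed format)
ITERATIONS = 600_000       # assumed work factor; tune to your hardware
SALT_BYTES = 16
KEY_BYTES = 32             # SHA-256 output size

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'scheme$iterations$salt$derived_key' with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations), _b64(salt), _b64(dk)])

def _parse(record: str):
    """Split a stored record; return None if it is malformed."""
    try:
        scheme, iter_s, salt_s, dk_s = record.split("$")
        iterations = int(iter_s)
        salt = base64.b64decode(salt_s, validate=True)
        dk = base64.b64decode(dk_s, validate=True)
    except ValueError:  # wrong field count, bad integer, bad base64
        return None
    if scheme != SCHEME or iterations < 1 or not salt or len(dk) != KEY_BYTES:
        return None
    return iterations, salt, dk

def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the stored salt and iteration count."""
    parsed = _parse(record)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison

def needs_rehash(record: str) -> bool:
    """True when a record is malformed or uses fewer iterations than the current setting."""
    parsed = _parse(record)
    return parsed is None or parsed[0] < ITERATIONS

if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")  # constructed sample
    print(stored)
    print(verify_password("correct horse battery staple", stored))
    print(verify_password("wrong guess", stored))
```

Storing the iteration count in each record lets the work factor be raised later: check `needs_rehash` after a successful login and re-hash the password while it is available.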
