Message274830
Why are we adding scrypt and not argon2 anyway?
On Wed, Sep 7, 2016, at 03:25, Christian Heimes wrote:
>
> Christian Heimes added the comment:
>
> Benjamin, what's your take on Alex's suggestion?
>
> <Crys> gutworth: Alex_Gaynor has asked me if hashlib.scrypt() can go into
> 2.7, too. It's a password-based KDF like hashlib.pbkdf2() but more secure
> than PBKDF2. It requires OpenSSL 1.1.0.
> <Alex_Gaynor> gutworth: I think it'd be good if this were approved, for
> the same reasons as PEP466
> <Crys> contrary to PKBDF2 it doesn't make sense to have a pure-Python
> implementation. scrypt uses ChaCha20 cipher. I don't want to add a cipher
> to CPython core (possible legal issue) and it's not available in OpenSSL
> < 1.1.0.
>
> ----------
> nosy: +benjamin.peterson
> versions: +Python 2.7
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue27928>
> _______________________________________ |
|
Date |
User |
Action |
Args |
2016-09-07 16:28:56 | benjamin.peterson | set | recipients:
+ benjamin.peterson, gregory.p.smith, christian.heimes, alex, python-dev, xiang.zhang |
2016-09-07 16:28:56 | benjamin.peterson | link | issue27928 messages |
2016-09-07 16:28:56 | benjamin.peterson | create | |
|