This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Python implementation of PBKDF2_HMAC
Type: enhancement Stage: resolved
Components: Library (Lib) Versions: Python 3.4
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, pitrou, python-dev, serhiy.storchaka, skrah
Priority: normal Keywords: patch

Created on 2013-10-13 21:31 by christian.heimes, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
pbkdf2_py.patch christian.heimes, 2013-10-13 21:31 review
pbkdf2_py2.patch christian.heimes, 2013-10-14 10:33 review
pbkdf2_py3.patch christian.heimes, 2013-10-14 10:58 review
Messages (7)
msg199808 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-10-13 21:31
The patch provides a Python implementation of pbkdf2_hmac with Python's hmac module. Although I'm using some tricks it's more than six times slower than OpenSSL's implementation.
msg199859 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-10-14 10:33
Here is an optimized version with inline HMAC.

Contrary to the implementations in OpenSSL, PyCrypto, and pbkdf2.py the length of the password has almost no impact on the runtime of my implementation.
msg199863 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-10-14 10:58
I have optimized XOR and now it's even faster than OpenSSL's code for reasonable long passwords. :(
msg199876 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-10-14 11:58
> I have optimized XOR and now it's even faster than OpenSSL's code for
> reasonable long passwords. :(

Uh... and it gives the right results? Perhaps OpenSSL should be reimplemented in Python :-)

If your code is resistant to timing attacks, I suppose we don't need the C implementation anymore? Or does it have a larger startup cost?
(what is a "reasonably long password" for you? 10 chars or 64? :-))
msg199881 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2013-10-14 12:40
Christian, does you noticed my comments on Rietveld?
msg200408 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-10-19 12:12
New changeset e73627483d2f by Christian Heimes in branch 'default':
Issue #19254: Provide an optimized Python implementation of PBKDF2_HMAC
http://hg.python.org/cpython/rev/e73627483d2f
msg200409 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-10-19 12:13
Serhiy, I have taken your review into account. I still need to use memoryview() in order to handle all types that are supported by the format char "y*".
History
Date User Action Args
2022-04-11 14:57:51adminsetgithub: 63453
2013-10-19 12:13:41christian.heimessetstatus: open -> closed
messages: + msg200409

components: + Library (Lib)
resolution: fixed
stage: patch review -> resolved
2013-10-19 12:12:12python-devsetnosy: + python-dev
messages: + msg200408
2013-10-14 12:40:09serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg199881
2013-10-14 11:58:39pitrousetnosy: + pitrou
messages: + msg199876
2013-10-14 11:02:43skrahsetnosy: + skrah
2013-10-14 10:58:40christian.heimessetfiles: + pbkdf2_py3.patch

messages: + msg199863
2013-10-14 10:33:34christian.heimessetfiles: + pbkdf2_py2.patch

messages: + msg199859
2013-10-13 21:31:20christian.heimescreate