Title: Allow to specify the number of rounds for SHA-* hashing in crypt
Type: enhancement Stage:
Components: Library (Lib) Versions: Python 3.7
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, dstufft, gregory.p.smith, jafo, serhiy.storchaka
Priority: normal Keywords:

Created on 2017-10-05 12:32 by serhiy.storchaka, last changed 2017-10-05 12:32 by serhiy.storchaka.

Messages (1)
msg303760 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-10-05 12:32
Blowfish salt should contain the binary logarithm of the number of rounds (from 4 to 31) (see issue31664). SHA-* salt can contain an explicit number of rounds in the form '$rounds={value}$'. It is bound to the range from 1000 to 999999999, the default is 5000.

I propose to allow to specify the number of rounds in generated salt for SHA-* methods as well as for Blowfish. For unifying interface we can specify the number of rounds instead of its logarithm for Blowfish, and calculate the logarithm internally.

The question is what to do with the value that is not a power of two for Blowfish. Should we raise an error or silently replace it with the upper power of two?
Date User Action Args
2017-10-05 12:32:52serhiy.storchakacreate