classification
Title: Add support for yescrypt in crypt.
Type: enhancement Stage: patch review
Components: Library (Lib) Versions: Python 3.11
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: besser82, christian.heimes, jafo
Priority: normal Keywords: patch

Created on 2021-06-04 11:10 by besser82, last changed 2021-06-05 10:11 by christian.heimes.

Pull Requests
URL Status Linked Edit
PR 26526 open besser82, 2021-06-04 11:10
PR 26527 closed besser82, 2021-06-04 11:28
Messages (2)
msg395073 - (view) Author: Björn Esser (besser82) * Date: 2021-06-04 11:10
Proposed PR adds support for a new method in the crypt module:

yescrypt. It is considered stronger as SHA512 or blowfish and as strong as argon2 for crypt() purpose. The hashing method was developed by the author of the blowfish crypt method, and was based on scrypt. It is supported on most Linux distributions, that ship with libxcrypt as a replacement for the glibc crypt library: Fedora, Debian, Ubuntu, OpenSUSE and many others.
msg395160 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-06-05 10:11
I'm against adding additional methods to the crypt module.

- libcrypt / libxcrypt are unreliable providers. The library is only available on Unix-like platforms, not on Windows. Available algorithms are not consistent, e.g. some platforms only provide old, bad implementations. Others only support a limited subset or disable some algorithms in their crypto policies.
- We still plan to deprecate and remove the crypt module because it's not reliable.

I suggest that you rather create a PyPI package with yescrypt implementation that does not rely on libcrypt.
History
Date User Action Args
2021-06-05 10:11:05christian.heimessetmessages: + msg395160
2021-06-05 09:39:56serhiy.storchakasetnosy: + christian.heimes

versions: + Python 3.11, - Python 3.10
2021-06-04 21:16:55terry.reedysetnosy: + jafo
2021-06-04 11:28:03besser82setkeywords: + patch
stage: patch review
pull_requests: + pull_request25121
2021-06-04 11:10:39besser82settype: enhancement
2021-06-04 11:10:28besser82create