This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author aronacher
Recipients aronacher
Date 2014-04-17.18:44:52
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Is there a specific reason why hashlib.pbkdf2_hmac now has a completely inconsistent API with the rest of the stdlib?  So far the concept in both hashlib and hmac has been to accept hash constructors as parameters.

As such you would expect the API to look like this:

hashlib.pbkdf2_hmac(hashlib.sha256, b'password', b'salt', 100000)

Instead the API now is string based.

This is annoying because a lot of code already in the past exposed a pbkdf2 implementation that allows passing in a hashlib constructor by passing it to HMAC.

If such code now wants to use the stdlib pbkdf2_hmac implementation it has to special case known implementations.  If a non known implementation is found it needs to dispatch to a separate implementation of PBKDF2.

In addition to that there is no nice way to detect if a algorithm is not supported as the exception raised for an invalid algorithm is the same as an invalid parameter for the iteration count (ValueError).

I would propose to change the API to allow hash constructors to be passed in in addition to strings.
Date User Action Args
2014-04-17 18:44:53aronachersetrecipients: + aronacher
2014-04-17 18:44:52aronachersetmessageid: <>
2014-04-17 18:44:52aronacherlinkissue21288 messages
2014-04-17 18:44:52aronachercreate