Message 216728 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	aronacher
Recipients	aronacher
Date	2014-04-17.18:44:52
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1397760292.99.0.128790868195.issue21288@psf.upfronthosting.co.za>
In-reply-to

Content
Is there a specific reason why hashlib.pbkdf2_hmac now has a completely inconsistent API with the rest of the stdlib? So far the concept in both hashlib and hmac has been to accept hash constructors as parameters. As such you would expect the API to look like this: hashlib.pbkdf2_hmac(hashlib.sha256, b'password', b'salt', 100000) Instead the API now is string based. This is annoying because a lot of code already in the past exposed a pbkdf2 implementation that allows passing in a hashlib constructor by passing it to HMAC. If such code now wants to use the stdlib pbkdf2_hmac implementation it has to special case known implementations. If a non known implementation is found it needs to dispatch to a separate implementation of PBKDF2. In addition to that there is no nice way to detect if a algorithm is not supported as the exception raised for an invalid algorithm is the same as an invalid parameter for the iteration count (ValueError). I would propose to change the API to allow hash constructors to be passed in in addition to strings.

Is there a specific reason why hashlib.pbkdf2_hmac now has a completely inconsistent API with the rest of the stdlib?  So far the concept in both hashlib and hmac has been to accept hash constructors as parameters.

As such you would expect the API to look like this:

hashlib.pbkdf2_hmac(hashlib.sha256, b'password', b'salt', 100000)

Instead the API now is string based.

This is annoying because a lot of code already in the past exposed a pbkdf2 implementation that allows passing in a hashlib constructor by passing it to HMAC.

If such code now wants to use the stdlib pbkdf2_hmac implementation it has to special case known implementations.  If a non known implementation is found it needs to dispatch to a separate implementation of PBKDF2.

In addition to that there is no nice way to detect if a algorithm is not supported as the exception raised for an invalid algorithm is the same as an invalid parameter for the iteration count (ValueError).

I would propose to change the API to allow hash constructors to be passed in in addition to strings.

History
Date	User	Action	Args
2014-04-17 18:44:53	aronacher	set	recipients: + aronacher
2014-04-17 18:44:52	aronacher	set	messageid: <1397760292.99.0.128790868195.issue21288@psf.upfronthosting.co.za>
2014-04-17 18:44:52	aronacher	link	issue21288 messages
2014-04-17 18:44:52	aronacher	create