Author benjamin.peterson
Recipients alex, benjamin.peterson, christian.heimes, gregory.p.smith, python-dev, xiang.zhang
Date 2016-09-07.16:28:56
Message-id <1473265733.840753.718597761.0A18DEE0@webmail.messagingengine.com>
In-reply-to <1473243919.01.0.488242018304.issue27928@psf.upfronthosting.co.za>
Content
Why are we adding scrypt and not argon2 anyway?

On Wed, Sep 7, 2016, at 03:25, Christian Heimes wrote:
> 
> Christian Heimes added the comment:
> 
> Benjamin, what's your take on Alex's suggestion?
> 
> <Crys> gutworth: Alex_Gaynor has asked me if hashlib.scrypt() can go into
> 2.7, too. It's a password-based KDF like hashlib.pbkdf2() but more secure
> than PBKDF2. It requires OpenSSL 1.1.0.
> <Alex_Gaynor> gutworth: I think it'd be good if this were approved, for
> the same reasons as PEP466
> <Crys> contrary to PBKDF2 it doesn't make sense to have a pure-Python
> implementation. scrypt uses ChaCha20 cipher. I don't want to add a cipher
> to CPython core (possible legal issue) and it's not available in OpenSSL
> < 1.1.0.
> 
> ----------
> nosy: +benjamin.peterson
> versions: +Python 2.7
> 
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue27928>
> _______________________________________
History
Date                 User               Action  Args
2016-09-07 16:28:56  benjamin.peterson  set     recipients: + benjamin.peterson, gregory.p.smith, christian.heimes, alex, python-dev, xiang.zhang
2016-09-07 16:28:56  benjamin.peterson  link    issue27928 messages
2016-09-07 16:28:56  benjamin.peterson  create