Message 274833 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	alex
Recipients	alex, benjamin.peterson, christian.heimes, gregory.p.smith, python-dev, xiang.zhang
Date	2016-09-07.16:44:08
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<CAFRnB2UoFybALX=M47NeA_-sPsH0iCZQadYasvYo_UZ+p2xzqQ@mail.gmail.com>
In-reply-to	<1473265733.840753.718597761.0A18DEE0@webmail.messagingengine.com>

Content
OpenSSL supports scrypt On Sep 7, 2016 12:28 PM, "Benjamin Peterson" <report@bugs.python.org> wrote: > > Benjamin Peterson added the comment: > > Why are we adding scrypt and not argon2 anyway? > > On Wed, Sep 7, 2016, at 03:25, Christian Heimes wrote: > > > > Christian Heimes added the comment: > > > > Benjamin, what's your take on Alex's suggestion? > > > > <Crys> gutworth: Alex_Gaynor has asked me if hashlib.scrypt() can go into > > 2.7, too. It's a password-based KDF like hashlib.pbkdf2() but more secure > > than PBKDF2. It requires OpenSSL 1.1.0. > > <Alex_Gaynor> gutworth: I think it'd be good if this were approved, for > > the same reasons as PEP466 > > <Crys> contrary to PKBDF2 it doesn't make sense to have a pure-Python > > implementation. scrypt uses ChaCha20 cipher. I don't want to add a cipher > > to CPython core (possible legal issue) and it's not available in OpenSSL > > < 1.1.0. > > > > ---------- > > nosy: +benjamin.peterson > > versions: +Python 2.7 > > > > _______________________________________ > > Python tracker <report@bugs.python.org> > > <http://bugs.python.org/issue27928> > > _______________________________________ > > ---------- > > _______________________________________ > Python tracker <report@bugs.python.org> > <http://bugs.python.org/issue27928> > _______________________________________ >

OpenSSL supports scrypt

On Sep 7, 2016 12:28 PM, "Benjamin Peterson" <report@bugs.python.org> wrote:

>
> Benjamin Peterson added the comment:
>
> Why are we adding scrypt and not argon2 anyway?
>
> On Wed, Sep 7, 2016, at 03:25, Christian Heimes wrote:
> >
> > Christian Heimes added the comment:
> >
> > Benjamin, what's your take on Alex's suggestion?
> >
> > <Crys> gutworth: Alex_Gaynor has asked me if hashlib.scrypt() can go into
> > 2.7, too. It's a password-based KDF like hashlib.pbkdf2() but more secure
> > than PBKDF2. It requires OpenSSL 1.1.0.
> > <Alex_Gaynor> gutworth: I think it'd be good if this were approved, for
> > the same reasons as PEP466
> > <Crys> contrary to PKBDF2 it doesn't make sense to have a pure-Python
> > implementation. scrypt uses ChaCha20 cipher. I don't want to add a cipher
> > to CPython core (possible legal issue) and it's not available in OpenSSL
> > < 1.1.0.
> >
> > ----------
> > nosy: +benjamin.peterson
> > versions: +Python 2.7
> >
> > _______________________________________
> > Python tracker <report@bugs.python.org>
> > <http://bugs.python.org/issue27928>
> > _______________________________________
>
> ----------
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue27928>
> _______________________________________
>

History
Date	User	Action	Args
2016-09-07 16:44:08	alex	set	recipients: + alex, gregory.p.smith, christian.heimes, benjamin.peterson, python-dev, xiang.zhang
2016-09-07 16:44:08	alex	link	issue27928 messages
2016-09-07 16:44:08	alex	create