Author benjamin.peterson
Recipients alex, benjamin.peterson, christian.heimes, gregory.p.smith, python-dev, xiang.zhang
Date 2016-09-07.17:01:57
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1473267714.850188.718635721.06CE91FF@webmail.messagingengine.com>
In-reply-to <CAFRnB2UoFybALX=M47NeA_-sPsH0iCZQadYasvYo_UZ+p2xzqQ@mail.gmail.com>
Content
PEP 466 is explicitly not blanket approval for backporting All The
Things to 2.7. The only justification for pbkdf2 in PEP 466 is to "lower
the barriers to secure password storage and checking in Python 2 server
applications". While scrypt is probably a bit better, applications using
pkbdf2 are still in a much better situation than ones using, e.g., a
naïve salted hash.

There is a self-contained, easily-installable scrypt module on PyPI.
History
Date User Action Args
2016-09-07 17:01:57benjamin.petersonsetrecipients: + benjamin.peterson, gregory.p.smith, christian.heimes, alex, python-dev, xiang.zhang
2016-09-07 17:01:57benjamin.petersonlinkissue27928 messages
2016-09-07 17:01:57benjamin.petersoncreate