Message 274788 - Python tracker

Message274788

Author	christian.heimes
Recipients	alex, benjamin.peterson, christian.heimes, gregory.p.smith, python-dev, xiang.zhang
Date	2016-09-07.10:25:18
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1473243919.01.0.488242018304.issue27928@psf.upfronthosting.co.za>
In-reply-to

Content
Benjamin, what's your take on Alex's suggestion? <Crys> gutworth: Alex_Gaynor has asked me if hashlib.scrypt() can go into 2.7, too. It's a password-based KDF like hashlib.pbkdf2() but more secure than PBKDF2. It requires OpenSSL 1.1.0. <Alex_Gaynor> gutworth: I think it'd be good if this were approved, for the same reasons as PEP466 <Crys> contrary to PKBDF2 it doesn't make sense to have a pure-Python implementation. scrypt uses ChaCha20 cipher. I don't want to add a cipher to CPython core (possible legal issue) and it's not available in OpenSSL < 1.1.0.

Content

Benjamin, what's your take on Alex's suggestion?

<Crys> gutworth: Alex_Gaynor has asked me if hashlib.scrypt() can go into 2.7, too. It's a password-based KDF like hashlib.pbkdf2() but more secure than PBKDF2. It requires OpenSSL 1.1.0.
<Alex_Gaynor> gutworth: I think it'd be good if this were approved, for the same reasons as PEP466
<Crys> contrary to PKBDF2 it doesn't make sense to have a pure-Python implementation. scrypt uses ChaCha20 cipher. I don't want to add a cipher to CPython core (possible legal issue) and it's not available in OpenSSL < 1.1.0.

History
Date	User	Action	Args
2016-09-07 10:25:19	christian.heimes	set	recipients: + christian.heimes, gregory.p.smith, benjamin.peterson, alex, python-dev, xiang.zhang
2016-09-07 10:25:19	christian.heimes	set	messageid: <1473243919.01.0.488242018304.issue27928@psf.upfronthosting.co.za>
2016-09-07 10:25:18	christian.heimes	link	issue27928 messages
2016-09-07 10:25:18	christian.heimes	create