[Python-Dev] Deprecate crypt module and revert PR 3854
Christian Heimes
christian at python.org
Sat Feb 3 07:07:17 EST 2018
More information about the Python-Dev mailing list
Sat Feb 3 07:07:17 EST 2018
- Previous message (by thread): [Python-Dev] Deprecate crypt module and revert PR 3854
- Next message (by thread): [Python-Dev] Deprecate crypt module and revert PR 3854
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2018-02-02 17:18, Guido van Rossum wrote: > I'm all for nudging people in the direction of xcrypt. I assume we can't > just switch the C-level crypt with xcrypt and leave the Python API > unchanged? > > However until a usable solution exist (either in the stdlib or as 3rd > party) I don't think we should deprecate anything (deprecating things > before the replacement is ready is stressful for everyone involved). > > I'm also not sure I agree with removing support for old hashes. By all > means put in the docs that they are unsafe. But if someone has a > database full of old hashes it would be nice to be able to at least > read/verify it, right? > > Was a release already made with blowfish, extended DES and NT-Hash? (And > what's so bad with blowfish? It's mentioned in the heading of the xcrypt > project too.) I answered some of your questions in other replies and will answer the remaining concerns on Monday. You suggested a 3rd party module. I have cloned the crypt module with Serhiy's improvements and turned it into a standalone module with a ctypes interface, https://github.com/tiran/legacycrypt . I'll release the package as soon as I find time to polish the documentation and give Serhiy his will deserved credit for his work. Christian
- Previous message (by thread): [Python-Dev] Deprecate crypt module and revert PR 3854
- Next message (by thread): [Python-Dev] Deprecate crypt module and revert PR 3854
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list