passlib looks like a very comprehensive library for password(-hash) management.
However, a number of warts were discussed in this issue: https://github.com/pyca/cryptography/issues/1149 Some nuggets from that discussion: passlib relies on m2crypto for openssl support (m2crypto has its own warts), no external backend support for python 3, and the observation that the best solution may be cryptography becoming a configurable backend for passlib. What worries me also is that I do not see a lot of active development lately on passlib. In the mean time, I see that the latest versions of both python 2&3 have support for pbkdf2 that also seems to rely on openssl. How does that compare to pyca/cryptography's? My plan was to find a good, well vetted, as fast as possible pbkdf2 implementation, and migrate to argon2 once its implementation is ready. I do recognize that just those implementations are not enough, and that support for migration to different algos and work-factors are very important. Too many imperfect solutions... it's like real life ;-) Could use some more advise or suggestions... Thanks, Frank. On Wed, Jun 15, 2016 at 11:12 AM, Frank Siebenlist <frank.siebenl...@gmail.com> wrote: > Hi Daniel - Thanks for the pointer! - Didn't know about this passlib > effort and it looks very comprehensive - I'll take a closer look - > Regards, Frank. > > On Wed, Jun 15, 2016 at 9:09 AM, Daniel Neuhäuser > <i...@danielneuhaeuser.de> wrote: >> You should take a look at Passlib[1]. It provides support for all algorithms >> worth recommending (except argon2, though that will probably change in the >> future). It has a high level API, so you don’t have to know about the >> details of the algorithm. It can also perform upgrades to new algorithms or >> different configurations during verification. >> >> [1]: https://pythonhosted.org/passlib/ >> _______________________________________________ >> Cryptography-dev mailing list >> Cryptography-dev@python.org >> https://mail.python.org/mailman/listinfo/cryptography-dev _______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
