What was the motivation for writing your own library instead of improving the version in python itself? Personally I do not see much gain, if you have to install a dependency, you could as well just install bcrypt or argon2 and ditch pbkdf2. For those people where it really makes a difference, a custom backend as you already have should be just fine.
On Saturday, August 20, 2016 at 1:53:21 PM UTC+2, Terry Chia wrote: > > Greetings, > > 11 months ago, I opened a ticket (#25395) on the bug tracker about > potentially adding a dependency on python-fastpbkdf2, a library I wrote and > maintain that provides a faster implementation of PBKDF2 than the stdlib > while maintaining API compatibility. Tim rightly pointed out that he was > hesitant to add a dependency on a new library in a security-sensitive area > and suggested that I write to this list to gather feedback. Sadly, I got > really busy with work and neglected to follow up on it at that point in > time. > > 11 months later, I am hoping to open up the discussion again. In that time > period, passlib has opted to add a optional dependency on the library [0], > there has been a third party library that integrates python-fastpbkdf2 with > Django[1] and having used it in a number of internal projects, it is > definitely stable. I have a patch ready to go if the interest is there. > > So Django developers, what do you think? > > [0]: > https://bitbucket.org/ecollins/passlib/issues/67/add-an-optional-dependency-on-python > [1]: https://github.com/smartfile/django-fastpbkdf2 > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/df8a97cb-0999-4711-80a2-fa13b456af2c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
