02.02.18 18:18, Guido van Rossum пише:
I'm all for nudging people in the direction of xcrypt. I assume we can't
just switch the C-level crypt with xcrypt and leave the Python API
unchanged?
However until a usable solution exist (either in the stdlib or as 3rd
party) I don't think we should deprecate anything (deprecating things
before the replacement is ready is stressful for everyone involved).
I'm also not sure I agree with removing support for old hashes. By all
means put in the docs that they are unsafe. But if someone has a
database full of old hashes it would be nice to be able to at least
read/verify it, right?
Was a release already made with blowfish, extended DES and NT-Hash? (And
what's so bad with blowfish? It's mentioned in the heading of the xcrypt
project too.)
To clarify, extended DES and NT-Hash were not added. They were removed
from my PR after Christians request. Only the Blowfish method was added,
and it is so strong as SHA-2 methods. It is the only method supported on
OpenBSD.
This PR is not a single enhancement made in the crypt module recently. I
also extended tests and added support for configuring SHA-2 methods.
There is an open PR (not merged before 3.7b1 unfortunately) for using
crypt_r() instead of crypt(): https://bugs.python.org/issue28503.
If deprecate the crypt module, should modules pwd, grp and spwd be
deprecated too? The crypt module is needed for checking password hashes
provided by spwd.
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
