[issue42982] Update suggested number of iterations for pbkdf2_hmac()
Paul Kehrer added the comment: NIST provides no official guidance on iteration count other than NIST SP 800-132 Appendix A.2.2, which states "The number of iterations should be set as high as can be tolerated for the environment, while maintaining acceptable performance." I can think of no better resource for what constitutes acceptable performance at the highest iteration count than popular packages like Django. Django's choice (and lack of evidence that they've had any cause to revert due to performance issues) argues that 390k iterations is a reasonable number in 2022. Certainly the 100k suggested in these docs as of 2013 is no longer best practice as we've seen 9 years of computational improvement in the intervening time. I would, additionally, suggest that the documentation recommend the use of scrypt where possible over any iteration count of PBKDF2, but increasing the iteration count is still a useful improvement to the docs! -- nosy: +reaperhulk ___ Python tracker <https://bugs.python.org/issue42982> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue46159] Segfault when using trace functions in 3.11a3
Paul Kehrer added the comment: Changes in ABI don't seem to be the likely culprit since the Dockerfile provided can demonstrate this bug and has no caching that would result in obtaining alpha2-based binaries. -- ___ Python tracker <https://bugs.python.org/issue46159> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue46159] Segfault when using trace functions in 3.11a3
Change by Paul Kehrer : -- title: Segfault -> Segfault when using trace functions in 3.11a3 ___ Python tracker <https://bugs.python.org/issue46159> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue46159] Segfault
New submission from Paul Kehrer : In Python 3.11a3 on Linux/x86_64 (failed to replicate on macOS, not attempted on Windows) the interpreter non-deterministically segfaults when running some code under coverage. This did not occur under 3.11a2. Looking at the backtrace from a core dump I see: #0 _PyFrame_FastToLocalsWithError (frame=0x7fedf9e1f608) at Objects/frameobject.c:903 #1 0x7fedfa15f593 in call_trampoline (tstate=0x55b767a44080, callback=0x7fedf8bbd9c0, This is the trace received if I use pure Python coverage (sys.settrace) while I get one inside coverage's ctracer if I use the native library. However, at the moment I don't believe the bug resides within coverage. Since stack frame optimization has been a focus in 3.11 could something have changed that is causing issues with sys.settrace/PyEval_SetTrace? I haven't managed to reduce this test case much but here's a somewhat messy dockerfile that can demonstrate it: FROM ubuntu:focal RUN apt-get update && apt-get install -y build-essential git cargo libffi-dev libssl-dev libsqlite3-dev zlib1g-dev curl RUN curl -OL https://www.python.org/ftp/python/3.11.0/Python-3.11.0a3.tgz && \ tar zxf Python-3.11* && \ cd Python-3.11* && \ ./configure --prefix=/opt && \ make -j4 && make install RUN /opt/bin/pip3 install tox && git clone https://github.com/pyca/cryptography RUN cd cryptography && /opt/bin/tox -e py311 -- messages: 409061 nosy: reaperhulk priority: normal severity: normal status: open title: Segfault type: crash versions: Python 3.11 ___ Python tracker <https://bugs.python.org/issue46159> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11783] email parseaddr and formataddr should be IDNA aware
Changes by Paul Kehrer <paul.l.keh...@gmail.com>: -- nosy: -reaperhulk ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue11783> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11783] email parseaddr and formataddr should be IDNA aware
Paul Kehrer added the comment: As someone who built an idna aware API for pyca/cryptography and deeply regrets it I'd like to weigh in on the side of saying that IDNA is a presentation issue and that supporting it in lower level APIs is the cause of many bugs, some of which can potentially be security issues. Users wanting to make requests to IDNA domains should be responsible for the encoding themselves so that impedance mismatches in encoding version are both discoverable and correctable. -- nosy: +reaperhulk ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue11783> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25270] codecs.escape_encode systemerror on empty byte string
New submission from Paul Kehrer: Python 3.5.0 (default, Sep 13 2015, 10:33:07) [GCC 4.2.1 Compatible Apple LLVM 6.1.0 (clang-602.0.53)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import codecs >>> codecs.escape_encode(b'') Traceback (most recent call last): File "", line 1, in SystemError: Objects/bytesobject.c:3553: bad argument to internal function I've tested this on Python 3.2 through 3.5. -- components: Interpreter Core messages: 251868 nosy: reaperhulk priority: normal severity: normal status: open title: codecs.escape_encode systemerror on empty byte string type: behavior versions: Python 3.2, Python 3.3, Python 3.4, Python 3.5 ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25270> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com