Opened 14 years ago
Last modified 14 years ago
#84 closed defect (FIXED)
Should we use passlib?
| Reported by: | Christopher Allan Webber | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Keywords: | ||
| Cc: | Parent Tickets: |
Description
Currently we use py-bcrypt for python password hashing. `http://code.google.com/p/py-bcrypt/ <http://code.google.com/p/py-bcrypt/>`_ Should we use passlib? `http://packages.python.org/passlib/ <http://packages.python.org/passlib/>`_ My main thought is, "Which of these libraries has more users and is more likely to stay around while remaining secure?"
Change History (3)
comment:1 by , 14 years ago
comment:2 by , 14 years ago
| Status: | New → Closed |
|---|
Marking as closed because I think the answer is safely either "no or not yet, since they use the same library we do anyway for bcrypt."
Note:
See TracTickets
for help on using tickets.
:: <aleksm> for #369, passlib also has bcrypt so the only thing that separates them apart is the community, and I'm willing to bet that passlib has more users Looking again at it: :: It will use the first available of two possible backends: py-bcrypt, if installed. stdlib crypt(), if the host OS supports BCrypt. You can see which backend is in use by calling the get_backend() method. `http://packages.python.org/passlib/lib/passlib.hash.bcrypt.html?highlight=bcrypt#passlib.hash.bcrypt <http://packages.python.org/passlib/lib/passlib.hash.bcrypt.html?highlight=bcrypt#passlib.hash.bcrypt>`_