Opened 14 years ago

Last modified 14 years ago

#84 closed defect (FIXED)

Should we use passlib?

Reported by: Christopher Allan Webber Owned by:
Priority: minor Milestone:
Component: Keywords:
Cc: Parent Tickets:

Description

Currently we use py-bcrypt for python password hashing.

`http://code.google.com/p/py-bcrypt/ <http://code.google.com/p/py-bcrypt/>`_

Should we use passlib?

`http://packages.python.org/passlib/ <http://packages.python.org/passlib/>`_

My main thought is, "Which of these libraries has more users and is
more likely to stay around while remaining secure?"



Change History (3)

comment:1 by Christopher Allan Webber, 14 years ago

::

    <aleksm> for #369, passlib also has bcrypt so the only thing that separates
             them apart is the community, and I'm willing to bet that passlib has
             more users

Looking again at it:

::

    It will use the first available of two possible backends:
    
        py-bcrypt, if installed.
        stdlib crypt(), if the host OS supports BCrypt.
    
    You can see which backend is in use by calling the get_backend() method.

`http://packages.python.org/passlib/lib/passlib.hash.bcrypt.html?highlight=bcrypt#passlib.hash.bcrypt <http://packages.python.org/passlib/lib/passlib.hash.bcrypt.html?highlight=bcrypt#passlib.hash.bcrypt>`_



comment:2 by Christopher Allan Webber, 14 years ago

Status: NewClosed
Marking as closed because I think the answer is safely either "no
or not yet, since they use the same library we do anyway for
bcrypt."



comment:3 by Will Kahn-Greene, 13 years ago

The original url for this bug was http://bugs.foocorp.net/issues/369 .

Note: See TracTickets for help on using tickets.