Opened 15 years ago

Last modified 15 years ago

#84 closed defect (FIXED)

Should we use passlib?

Reported by: Christopher Allan Webber Owned by:
Priority: minor Milestone:
Component: Keywords:
Cc: Parent Tickets:

Description

Currently we use py-bcrypt for python password hashing.

http://code.google.com/p/py-bcrypt/

Should we use passlib?

http://packages.python.org/passlib/

My main thought is, "Which of these libraries has more users and is more likely to stay around while remaining secure?"

Change History (3)

comment:1 by Christopher Allan Webber, 15 years ago

<aleksm> for #369, passlib also has bcrypt so the only thing that separates
         them apart is the community, and I'm willing to bet that passlib has
         more users

Looking again at it:

It will use the first available of two possible backends:

    py-bcrypt, if installed.
    stdlib crypt(), if the host OS supports BCrypt.

You can see which backend is in use by calling the get_backend() method.

http://packages.python.org/passlib/lib/passlib.hash.bcrypt.html?highlight=bcrypt#passlib.hash.bcrypt

comment:2 by Christopher Allan Webber, 15 years ago

Status: NewClosed

Marking as closed because I think the answer is safely either "no or not yet, since they use the same library we do anyway for bcrypt."

comment:3 by Will Kahn-Greene, 14 years ago

The original url for this bug was http://bugs.foocorp.net/issues/369 .

Note: See TracTickets for help on using tickets.