Opened 15 years ago
Last modified 15 years ago
#84 closed defect (FIXED)
Should we use passlib?
| Reported by: | Christopher Allan Webber | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Keywords: | ||
| Cc: | Parent Tickets: |
Description
Currently we use py-bcrypt for python password hashing.
http://code.google.com/p/py-bcrypt/
Should we use passlib?
http://packages.python.org/passlib/
My main thought is, "Which of these libraries has more users and is more likely to stay around while remaining secure?"
Change History (3)
comment:1 by , 15 years ago
comment:2 by , 15 years ago
| Status: | New → Closed |
|---|
Marking as closed because I think the answer is safely either "no or not yet, since they use the same library we do anyway for bcrypt."

<aleksm> for #369, passlib also has bcrypt so the only thing that separates them apart is the community, and I'm willing to bet that passlib has more usersLooking again at it:
It will use the first available of two possible backends: py-bcrypt, if installed. stdlib crypt(), if the host OS supports BCrypt. You can see which backend is in use by calling the get_backend() method.http://packages.python.org/passlib/lib/passlib.hash.bcrypt.html?highlight=bcrypt#passlib.hash.bcrypt