Opened 13 years ago

Last modified 13 years ago

#84 closed defect (FIXED)

Should we use passlib?

Reported by: Christopher Allan Webber Owned by:
Priority: minor Milestone:
Component: Keywords:
Cc: Parent Tickets:


Currently we use py-bcrypt for python password hashing.

` <>`_

Should we use passlib?

` <>`_

My main thought is, "Which of these libraries has more users and is
more likely to stay around while remaining secure?"

Change History (3)

comment:1 by Christopher Allan Webber, 13 years ago


    <aleksm> for #369, passlib also has bcrypt so the only thing that separates
             them apart is the community, and I'm willing to bet that passlib has
             more users

Looking again at it:


    It will use the first available of two possible backends:
        py-bcrypt, if installed.
        stdlib crypt(), if the host OS supports BCrypt.
    You can see which backend is in use by calling the get_backend() method.

` <>`_

comment:2 by Christopher Allan Webber, 13 years ago

Status: NewClosed
Marking as closed because I think the answer is safely either "no
or not yet, since they use the same library we do anyway for

comment:3 by Will Kahn-Greene, 12 years ago

The original url for this bug was .

Note: See TracTickets for help on using tickets.