Hynek Schlawack <h...@ox.cx> added the comment: > For 3.4, I hope to see a discussion open up regarding the idea of something > like a "securitytools" module that aims to provide some basic primitives for > operations where Python's standard assumptions (such as flexibility and short > circuiting behaviour) are a bad fit for security reasons. That would include > exposing a C level full_compare option, as well as the core pbkdf2 algorithm.
Strong +1 on that one. We could even consider adding bcrypt and scrypt as C isn't really an issue for us. Ideally we'd add a module with docs which both promote and leverage secure behavior. Basically how to realize http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html in Python. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15061> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
