rehashing in pbkdf2?


alabde...@gmail.com

Oct 27, 2013, 6:33:22 PM
to passli...@googlegroups.com
Hi,
I just saw the release note in Django 1.5.5.
How about passlib?

Eli Collins

Oct 28, 2013, 12:41:26 PM
to passli...@googlegroups.com
Passlib has enforced a max-password-size limit since v1.6.0 (see http://pythonhosted.org/passlib/history.html#existing-hashes, the section labeled "Password Size Limit"). Coincidentally, this defaults to 4096 characters, the same as Django, though Passlib's can be configured via an environment variable (see http://pythonhosted.org/passlib/lib/passlib.exc.html#passlib.exc.PasswordSizeError). That limit is enforced uniformly for all of passlib's hashers, because the structure of some of their algorithms makes it nearly impossible to prevent a DOS issue. So unlike Django, that limit probably won't ever be removed.

Regarding their other change... the development repo already has a similar pre-hashed-key optimization made to its pbkdf2 implementation, which will be rolled out with v1.7. But I plan to go study Django's and a few others before the final release, to make sure there isn't any more speed I can wring out of it :)

- Eli
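
The two measures discussed in the reply above, a password size limit and a pre-hashed PBKDF2 key, sketched as an added example that is not part of the thread and is not passlib's or Django's code. `pbkdf2_sha256`, `PasswordTooLong` and `_prepared_hmac` are hypothetical names, and the limit is applied to bytes here as a simplification.

```python
import hashlib
import struct

MAX_PASSWORD_SIZE = 4096  # default mentioned in the thread; counted in bytes here (assumption)
BLOCK_SIZE = 64           # SHA-256 block size in bytes
DIGEST_SIZE = 32


class PasswordTooLong(ValueError):
    """Hypothetical error type for this example (not passlib's PasswordSizeError)."""


def _prepared_hmac(key):
    # HMAC replaces any key longer than the hash block size with its digest.
    # A PBKDF2 loop that builds a fresh HMAC per round repeats that hash every
    # round, so cost grows with rounds * password length. Do it once instead.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in key))
    outer = hashlib.sha256(bytes(b ^ 0x5C for b in key))

    def prf(msg):
        # Reuse the keyed states; only the message is hashed per call.
        i = inner.copy()
        i.update(msg)
        o = outer.copy()
        o.update(i.digest())
        return o.digest()

    return prf


def pbkdf2_sha256(password, salt, rounds, dklen=DIGEST_SIZE):
    # Reject oversized input before any hashing work is done.
    if len(password) > MAX_PASSWORD_SIZE:
        raise PasswordTooLong("password exceeds %d bytes" % MAX_PASSWORD_SIZE)
    prf = _prepared_hmac(password)
    out = b""
    block = 1
    while len(out) < dklen:
        u = prf(salt + struct.pack(">I", block))
        t = int.from_bytes(u, "big")
        for _ in range(rounds - 1):
            u = prf(u)
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(DIGEST_SIZE, "big")
        block += 1
    return out[:dklen]
```

The output is unchanged by the optimization, so hashes stored earlier still verify.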



alabde...@gmail.com

Oct 28, 2013, 3:27:14 PM
to passli...@googlegroups.com
I completely forgot that on the system where I've used passlib, in registration or login, the password is cut to 30 char!
Sorry again :D
And always waiting for the newest passlib ;)
Thank you again