rehashing in pbkdf2?

29 views
Skip to first unread message

alabde...@gmail.com

unread,
Oct 27, 2013, 6:33:22 PM10/27/13
to passli...@googlegroups.com
hi
just saw the release note in django 1.5.5 
how about passlib?

Eli Collins

unread,
Oct 28, 2013, 12:41:26 PM10/28/13
to passli...@googlegroups.com
Passlib has enforced a max-password-size limit since v1.6.0 (see http://pythonhosted.org/passlib/history.html#existing-hashes, the section labeled "Password Size Limit").   Coincidentally, this defaults to 4096 characters the same as Django, though Passlib's can be configured via an environmental variable (see http://pythonhosted.org/passlib/lib/passlib.exc.html#passlib.exc.PasswordSizeError).   That limit is enforced uniformly for all of passlib's hashers, because the structure of some their algorithms make it nearly impossible to prevent a DOS issue. So unlike Django, that limit probably won't ever be removed.

Regarding their other change... the development repo already has a similar pre-hashed-key optimization made to it's pbkdf2 implementation, which will be rolled out with the v1.7.   But I plan to go study Django's and a few others before the final release, to make sure there isn't any more speed I can wring out of it :)

- Eli

--
You received this message because you are subscribed to the Google Groups "passlib-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to passlib-user...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


alabde...@gmail.com

unread,
Oct 28, 2013, 3:27:14 PM10/28/13
to passli...@googlegroups.com
i completely forgot that on the system where i've used passlib, in registration or login, the password is cut to 30 char!
sorry again :D
and always waiting for the newest passlib ;)
thank you again 
Reply all
Reply to author
Forward
0 new messages