Closed devraj closed 1 year ago
pyca/bcrypt
has an implementation of hashed
password which can be used as:
>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a randomly-generated salt
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt())
>>> # Check that an unhashed password matches one that has previously been
>>> # hashed
>>> if bcrypt.checkpw(password, hashed):
... print("It Matches!")
... else:
... print("It Does not Match :(")
this drops the need for using passlib
, from here we need to:
bcrypt
as a dependency bcrypt
passlib
as a dependency
Is your feature request related to a problem? Please describe. We've been using passlib to hash passwords.
The library has not receieved any updates in over two years. The runtimes are now throwing warnings for one of it's dependencies which will be dropped in Python
3.13
(first seen when I was running tests)A ticket was lodged in November 2022, and by the looks of it the developers have not even triaged much for a while.
Should we consider an alternative to using passlib?
Describe the solution you'd like Carefully evaluate other alternatives, preferably one that provides higher level implementations.
We do not want to maintain any cryptography related items if we don't have to.
Describe alternatives you've considered NA
Additional context See repository for inactivity