keybase / python-triplesec

A Python port of the triplesec library.
BSD 3-Clause "New" or "Revised" License

Use a better implementation of PBKDF2 #4

Closed tiran closed 5 years ago

tiran commented 10 years ago

Nice work! :)

I saw that you are using my Python implementation of SHA3. May I convince you to use my implementation of PBKDF2, too? You are using the slowest Python implementation of PBKDF2 on the market. It has a DoS flaw, too. My own code [1] is much faster and also available in Python 3.4 stdlib [2].

[1] https://bitbucket.org/tiran/backports.pbkdf2/
[2] http://docs.python.org/3.4/library/hashlib.html#key-derivation-function

FiloSottile commented 10 years ago

Thanks!

Sure you can! Happy to see some good implementation work going on. Patching it right now!

FiloSottile commented 10 years ago

I spoke too fast. An old version of TripleSec uses XOR_HMAC_SHA3_SHA512 as the PRF for PBKDF2 and looking at your code I couldn't figure out a way to make it work without horrible monkey-patching...

Any suggestions?

BTW, TripleSec v3 switched to scrypt, so the performance hit is negligible (the DoS is an issue, though).
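The custom-PRF problem raised in the last comment, as an added example that is not part of the thread and not code from python-triplesec or backports.pbkdf2: a PBKDF2 loop that takes any keyed PRF, so an XOR of two HMACs can be plugged in without patching a hash-name-only API such as `hashlib.pbkdf2_hmac`. The names `hmac_prf`, `xor_prf` and `pbkdf2` are hypothetical, and using `hashlib.sha3_512` (FIPS 202 SHA-3) for the SHA3 half is an assumption; whether it matches the SHA3 variant in that TripleSec version is not established here.

```python
import hashlib
import hmac
import struct

def hmac_prf(digest):
    """PRF factory for HMAC-<digest>: bind(key) returns prf(msg) -> bytes."""
    def bind(key):
        base = hmac.new(key, digestmod=digest)  # key setup happens once
        def prf(msg):
            h = base.copy()
            h.update(msg)
            return h.digest()
        return prf
    return bind

def xor_prf(*factories):
    """PRF factory that XORs the outputs of several PRFs under the same key."""
    def bind(key):
        prfs = [f(key) for f in factories]
        def prf(msg):
            outs = [p(msg) for p in prfs]
            if len({len(o) for o in outs}) != 1:
                raise ValueError("PRF output lengths differ")
            acc = 0
            for o in outs:
                acc ^= int.from_bytes(o, "big")
            return acc.to_bytes(len(outs[0]), "big")
        return prf
    return bind

def pbkdf2(prf_factory, password, salt, iterations, dklen):
    """PBKDF2 (RFC 8018) over any keyed PRF, not only a named hash."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    prf = prf_factory(password)
    out, block = b"", 1
    while len(out) < dklen:
        u = prf(salt + struct.pack(">I", block))  # U_1 = PRF(P, S || INT(i))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = prf(u)                            # U_j = PRF(P, U_{j-1})
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(len(u), "big")
        block += 1
    return out[:dklen]

# Assumption: hashlib.sha3_512 stands in for the thread's SHA3.
XOR_HMAC_SHA3_SHA512 = xor_prf(hmac_prf(hashlib.sha3_512), hmac_prf(hashlib.sha512))
```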