Closed tiran closed 5 years ago
Thanks!
Sure you can! Happy to see some good implementation work going on. Patching it right now!
I spoke too fast. An old version of TripleSec uses XOR_HMAC_SHA3_SHA512 as the PRF for PBKDF2 and looking at your code I couldn't figure out a way to make it work without horrible monkey-patching...
Any suggestions?
BTW, TripleSec v3 switched to scrypt, so the performance hit is neglegible (the DoS is an issue, though)
Nice work! :)
I saw that you are using my Python implementation of SHA3. May I convince you to use my implementation of PBKDF2, too? You are using the slowest Python implementation of PBKDF2 on the market. It has a DoS flaw, too. My own code [1] is much faster and also available in Python 3.4 stdlib [2].
[1] https://bitbucket.org/tiran/backports.pbkdf2/ [2] http://docs.python.org/3.4/library/hashlib.html#key-derivation-function