search

mbasanta / passlib

Automatically exported from code.google.com/p/passlib
Other
0 stars 0 forks source link

SHA3 support #42

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Now that SHA3 is out, the issue has come up periodically of adding it to 
passlib. 

The primarily frontend change would be to add a PBKDF2-HMAC-SHA3_512 hash 
format. In terms of coding, this should present little problem. However - SHA3 
was designed to be *more* efficient in hardware than SHA2, meaning that while 
SHA2 still stands, SHA3 would in fact be *cheaper and easier* to brute force. 
So, strictly from a password hashing perspective, SHA3 offers no particular 
benefit.

Furthermore, as of 2013-1-4, the pysha3 project 
(http://pypi.python.org/pypi/pysha3) still has some architecture-specific bugs 
and build issues, and notes that it's not suitable for HMAC yet (due to a lack 
of test vectors). At the very least, this issue is on hold until that project's 
status changes.

Original issue reported on code.google.com by elic@astllc.org on 5 Jan 2013 at 4:34

GoogleCodeExporter commented 9 years ago

Original comment by elic@astllc.org on 5 Jan 2013 at 4:34