bcrypt dependency version should be 3.1.3

[pghmcfc]

Earlier versions don't support ignore_few_rounds parameter for kdf():

$ /usr/bin/python2 ./test.py --no-sftp --no-big-file
............................................................................E...............................................................................
======================================================================
ERROR: test_ed25519 (tests.test_pkey.KeyTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/builddir/build/BUILD/paramiko-2.2.0/tests/test_pkey.py", line 456, in test_ed25519
    test_path('test_ed25519_password.key'), b'abc123'
  File "/builddir/build/BUILD/paramiko-2.2.0/paramiko/pkey.py", line 205, in from_private_key_file
    key = cls(filename=filename, password=password)
  File "/builddir/build/BUILD/paramiko-2.2.0/paramiko/ed25519key.py", line 59, in __init__
    signing_key = self._parse_signing_key_data(data, password)
  File "/builddir/build/BUILD/paramiko-2.2.0/paramiko/ed25519key.py", line 122, in _parse_signing_key_data
    ignore_few_rounds=True,
TypeError: kdf() got an unexpected keyword argument 'ignore_few_rounds'

----------------------------------------------------------------------
Ran 156 tests in 21.618s

FAILED (errors=1)

That was with 3.1.2.

[ploxiln]

Thanks for the report!
cc @alex

[bitprophet]

LOL @ adding features in a bugfix release 😞 That kwarg seems to have been added at the same time as the warnings it mutes, going by their changelog on PyPI. Unfortunately this means if we just axe it, users will presumably get annoying warnings on bcrypt 3.1.3+.

Requiring users to be on bcrypt 3.1.3 or newer doesn't seem super awful to me (esp given it's a brand new requirement as of Paramiko 2.2.0). Otherwise we have to do something mildly gross like a try / except TypeError fallback to the non-ignore_few_rounds invocation of kdf(). Which then could mask real TypeErrors lower down.

So I'm thinking we just bump the setup.py requirement for bcrypt up to 3.1.3. If there are no counterarguments I'll do that soon.

[ploxiln]

Another thing I've done before is change the logging level for a particular module, e.g.

logging.getLogger("bcrypt").setLevel(logging.ERROR)

I'm not sure if that would work in this case, but if it did, it would allow to remove use of ignore_few_rounds while still preventing the warnings.

It does seem like bumping the requirement to bcrypt==3.1.3 isn't too bad, probably the simplest and best way to go.

[bitprophet]

In my limited experience there's log-level warnings and then there's use of the warnings module which is wholly distinct...not sure which bcrypt is using in this case.

[ploxiln]

bcrypt requirement bumped in just-released paramiko-2.2.1

[bitprophet]

Oh yea, I neglected to close the related tickets, my bad - thanks!