-
-
Notifications
You must be signed in to change notification settings - Fork 30.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PEP 466: Backport hashlib.pbkdf2_hmac to Python 2.7 #65503
Comments
Pursuant to PEP-466, this is a backport of Python 3.4's hashlib.pbkdf2_hmac. Of note in this patch:
|
See also http://bugs.python.org/issue21288 to consider one fix/oversite/addition to the existing API as part of this process. (discuss that there) by default: use the exact same API as 3.4 if it is suitable for PEP-466 and 2.7.7's needs. the above issue is about fixing a possible oversight; so if it happens in 3.4 it should happen in 2.7.7. |
Yup, I've got my eyes on it, if anything lands there I'll include it in this in the 2.7 code, whether it's before or after this patch lands :-) |
New patch includes the documentation as well. |
The attached patch looks pretty good to me. |
I'm still concerned about the unicode issue, but I'm not sure what the right way to fix it is. |
I don't think there's any way around it, nor do I think that it actually leaks any meaningful timing. |
Sorry, I wasn't concerned from a timing attack perspective here, I was concerned from an "oh my god implicit coercion is terrible" perspective :-) |
Oh, gotcha. Yea I agree, but it's Python 2.x that's par for the course. |
Some comments:
|
Sorry that I join the party rather late. How about you take my back port from https://bitbucket.org/tiran/backports.pbkdf2/ and remove all Python 3.x related code? :) I spent a lot of time to make the code as fast as possible. |
On 19.05.2014 12:24, Christian Heimes wrote:
Could you perhaps compare this to the proposed patch ? |
Updated patch applies all of MAL's suggestions. Except the buffer() one, the purpose of the buffer() call is to make it an error to pass a list (or random other types) since you can call bytes() on any object. |
As a note, the current code is basically identical to the code in Christain's backport, without the py3k compat. |
Looks like there's a debugging turd in the test. |
New patch removes the pdb nonsense in the test. |
New changeset e4da3ba9dcac by Benjamin Peterson in branch '2.7': |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: