Bcrypt in python

I'm currently trying to create a registration system with a very high degree of security.

So, I want to use bcrypt, and I also found a third-party library, py-bcrypt.

But the author said that this is a pure python implementation.

Now I read somewhere that it is not recommended to use bcrypt in python just because it is too slow and this leads to a security leak. bcrypt must be implemented in C.

Can anyone confirm this? Now what should I do?

Should I use:

  • bcrypt (python)
  • SHA512 (from hashlib)
  • something else

I am using Google App Engine.

EDIT: http://packages.python.org/passlib/lib/passlib.hash.bcrypt.html#bcrypt-backends

, pure-python (# 4) , , , . - , PASSLIB_BUILTIN_BCRYPT = "enabled".

+5
2

? 8000 :

Hashlib:

#!/usr/bin/env python
import hashlib
import random

password = str(random.getrandbits(8000))
print hashlib.sha512(password).hexdigest()

, :

#!/usr/bin/env python
import hashlib
import random

password = str(random.getrandbits(8000))
salt = str(random.getrandbits(256))
print hashlib.sha512(password + salt).hexdigest()

Bcrypt:

#!/usr/bin/env python
import bcrypt
import random

password = str(random.getrandbits(8000))
print bcrypt.hashpw(password,bcrypt.gensalt())

bcrypt:

$ time ./bcrypt_test.py 
$2a$12$Om3a3zKsCNAM/SLB3hq5w.HYukFwn4CJ73rjXYNUPgqckUx2uLEmG

real    0m0.401s
user    0m0.313s
sys     0m0.013s

Timing hashlib:

$ time ./hashlib_test.py 
9e37eb4f164bbb1808833297d0244327e4faac109cd92729228f6e36d75d23044ac13a7a1907515cd6db44474b244678779e3ae4e97d8355c2069332aae52d61

real    0m0.032s
user    0m0.021s
sys     0m0.010s
$ 
+5
+4
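The timings above show why a single salted SHA-512 is a poor password hash: each guess costs an attacker almost nothing, while bcrypt's cost is the point. The following is an added example, not code from the question or the answers. Because bcrypt is not in the standard library, it swaps in PBKDF2-HMAC-SHA512 from hashlib as the tunable slow hash; the record format, function names, iteration count and sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; raise it as far as login latency allows

def hash_password(password, iterations=ITERATIONS):
    """Return 'pbkdf2_sha512$<iterations>$<salt hex>$<digest hex>' (assumed format)."""
    salt = os.urandom(16)  # salt from the OS CSPRNG, not the random module
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha512$%d$%s$%s" % (iterations, salt.hex(), digest.hex())

def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha512" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)

def seconds_per_guess(func, repeat=3):
    """Best-of-N wall time for one call: what each password guess costs."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        func()
        best = min(best, time.perf_counter() - start)
    return best

def compare_costs(password="correct horse battery staple"):  # constructed sample
    pw, salt = password.encode("utf-8"), os.urandom(16)
    fast = seconds_per_guess(lambda: hashlib.sha512(pw + salt).digest())
    slow = seconds_per_guess(lambda: hashlib.pbkdf2_hmac("sha512", pw, salt, ITERATIONS))
    return fast, slow

if __name__ == "__main__":
    fast, slow = compare_costs()
    print("salted SHA-512: %.6fs  PBKDF2 x%d: %.6fs" % (fast, ITERATIONS, slow))
    record = hash_password("hunter2")  # constructed sample password
    print(record, verify_password("hunter2", record), verify_password("wrong", record))
```

Storing the iteration count inside each record lets the work factor be raised later without invalidating existing hashes.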
