===== //(Imported from Google Code)//
Passlib currently takes in whatever unicode sequence is offered, and hashes it. However, there unicode normalization issues, non-printing code points (eg SHY) that should be discarded, and many other things which might cause problems reproducing the correct hash from differing user input.
SASL has already addressed this problem via the SASL stringprep profile - [[https://tools.ietf.org/html/rfc4013|https://tools.ietf.org/html/rfc4013]] - this provides a well-thought out unicode normalization policy to prepare passwords for hashing.
It would be good to integrate this into passlib, but it would have to be done in a way that wouldn't impact existing hashes and deployments, which may be relying on other policies. One possible way would be to added a 'stringprep' option to CryptContext, and let it take care of preparing passwords before hashing them.