(Imported from Google Code)
[affects Passlib 1.6, possibly earlier releases]
The CryptContext compiler stage has a couple of border cases it doesn't handle correctly...
1. If there is no explicit default, CryptContext should pick the first *non-deprecated* scheme. It currently picks the first listed scheme, even if it's flagged as deprecated, causing verify_and_update to re-encrypt every time. (reported by Barry Warsaw).
2. The compiler stage should throw an error if an explicit default is flagged as deprecated; otherwise user would get
3. The compile stage should throw an error if all listed schemes are flagged as deprecated; otherwise user would get
#1's behavior or an incorrect error message.
Once fixed, need to add unittests for all these, and update documentation re: