Issue #42 on hold
Eli Collins repo owner created an issue

(Imported from Google Code)

Now that SHA3 is out, the issue has come up periodically of adding it to passlib.

The primary frontend change would be to add a PBKDF2-HMAC-SHA3_512 hash format. In terms of coding, this should present little problem. However - SHA3 was designed to be *more* efficient in hardware than SHA2, meaning that while SHA2 still stands, SHA3 would in fact be *cheaper and easier* to brute force. So, strictly from a password hashing perspective, SHA3 offers no particular benefit.

Furthermore, as of 2013-1-4, the pysha3 project (http://pypi.python.org/pypi/pysha3) still has some architecture-specific bugs and build issues, and notes that it's not suitable for HMAC yet (due to a lack of test vectors). At the very least, this issue is on hold until that project's status changes.

Comments (3)

  1. Eli Collins reporter

    Due to issues such as outlined in http://security.stackexchange.com/questions/21112/what-is-sha-3-and-why-did-we-change-it, it seems unlikely SHA3 will ever be suitable for password hashing, as long as SHA2 is standing; particularly until servers with dedicated hardware for sha3 are common.

    And by then, argon2 is probably going to be superior for the task.

    So putting this on hold indefinitely.


    Though a pbkdf2_sha3_256 class could be easily defined -- once official HMAC test vectors are available, and pysha3 exposes the .block_size parameter -- neither of which has happened as of 2016-6-25.
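An added example, not passlib code and not posted in this issue: a hand-rolled HMAC and PBKDF2 in Python's standard library, parameterised on the digest name, showing exactly where the `block_size` mentioned above enters (136 bytes for sha3_256 and 72 for sha3_512, versus 64 for sha256) and cross-checking the SHA3 variant against `hashlib.pbkdf2_hmac`. It assumes Python 3.6+ with OpenSSL SHA3 support; the hash names and the `matches_stdlib` helper are this example's own.

```python
"""HMAC (RFC 2104) and PBKDF2 (RFC 8018 s5.2) on top of hashlib, to show why a
digest must expose block_size before a pbkdf2_sha3_* hash can be built on it."""
import hashlib
import hmac  # only for constant-time comparison
import struct


def hmac_digest(key: bytes, msg: bytes, hash_name: str) -> bytes:
    """HMAC(key, msg): the key is padded to the digest's *block* size, not
    its output size, so HMAC cannot be defined without block_size."""
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:  # over-long keys are hashed down first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")  # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def pbkdf2(password: bytes, salt: bytes, rounds: int, dklen: int,
           hash_name: str) -> bytes:
    """PBKDF2: T_i = U_1 xor ... xor U_c, U_1 = PRF(P, S || INT(i))."""
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    out = bytearray()
    i = 1
    while len(out) < dklen:
        u = hmac_digest(password, salt + struct.pack(">I", i), hash_name)
        t = bytearray(u)
        for _ in range(rounds - 1):
            u = hmac_digest(password, u, hash_name)
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += t
        i += 1
    return bytes(out[:dklen])


def block_sizes(*hash_names: str) -> dict:
    """Block size (HMAC padding length) per digest; SHA3 rates differ from SHA2."""
    return {name: hashlib.new(name).block_size for name in hash_names}


def matches_stdlib(hash_name: str, password: bytes = b"pw", salt: bytes = b"NaCl",
                   rounds: int = 3, dklen: int = 40) -> bool:
    """True if our PBKDF2 agrees with hashlib.pbkdf2_hmac for this digest."""
    ours = pbkdf2(password, salt, rounds, dklen, hash_name)
    ref = hashlib.pbkdf2_hmac(hash_name, password, salt, rounds, dklen)
    return hmac.compare_digest(ours, ref)
```

The SHA2 path can additionally be checked against the published PBKDF2-HMAC-SHA256 vector (password "password", salt "salt", 1 round), which is the kind of official vector the comment notes is still missing for SHA3.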
