As evidenced by cases such as issue #60, passlib.apps.custom_app_context may not be the right approach, as it's trying to be a 'one size fits all' solution in a world where there is a wide variety of CPU speeds and performance characteristics.
Adding some code to custom_app_context which performed system-dependent timing tests after each load would introduce unacceptable delays in application startup; and trying to cache this information in the filesystem would add needless API headache for developers wishing to get up and running quickly.
The only remaining solution seems to be to replace/supplement custom_app_context with a command line tool that performs timing tests (using the code from $SRC/choose_rounds.py), and outputs a CryptContext configuration string for developers to use, tuned specifically to their system.
To make sure they regenerate this periodically, we would need to give the string an "expiration" date, which could be done by adding a CryptContext configuration option to issue a PasslibSecurityWarning once the configuration was older than a certain date.
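
An added sketch of the tool proposed above (not passlib's code and not $SRC/choose_rounds.py): it times PBKDF2-HMAC-SHA256 with hashlib, scales the round count to a target hash time, and emits a CryptContext configuration string. The function names, the 0.25 s target, the 10000-round minimum and the `# generated` comment standing in for the proposed expiration option are assumptions.

```python
import hashlib
import time
import warnings
from datetime import date, timedelta

def measure_seconds(rounds, repeat=3):
    """Best-of-N wall time for one PBKDF2-HMAC-SHA256 hash at `rounds`."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        # Constructed password and salt; only the timing matters here.
        hashlib.pbkdf2_hmac("sha256", b"constructed-password", b"constructed-salt", rounds)
        best = min(best, time.perf_counter() - start)
    return best

def choose_rounds(target_seconds=0.25, probe_rounds=20000, min_rounds=10000):
    """PBKDF2 cost is linear in rounds, so scale the probe to the target time."""
    elapsed = max(measure_seconds(probe_rounds), 1e-9)
    # Never go below min_rounds, however slow the machine is (assumed floor).
    return max(min_rounds, int(probe_rounds * target_seconds / elapsed))

def render_config(rounds, generated=None):
    """Config string in passlib's INI format, stamped with its generation date."""
    generated = generated or date.today()
    return ("[passlib]\n"
            "# generated = %s\n"  # hypothetical stand-in for an expiration option
            "schemes = pbkdf2_sha256\n"
            "pbkdf2_sha256__default_rounds = %d\n" % (generated.isoformat(), rounds))

def is_stale(config, max_age_days=365, today=None):
    """Warn (UserWarning stands in for PasslibSecurityWarning) if tuning is old."""
    today = today or date.today()
    for line in config.splitlines():
        if line.startswith("# generated = "):
            generated = date.fromisoformat(line.split("= ", 1)[1])
            if today - generated > timedelta(days=max_age_days):
                warnings.warn("rounds tuning is older than %d days; re-run the "
                              "timing test" % max_age_days, UserWarning)
                return True
            return False
    raise ValueError("config has no generation date")

if __name__ == "__main__":
    print(render_config(choose_rounds()))
```

Run it on the production host itself, since the round count only fits the CPU it was measured on.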