Add an optional dependency on python-fastpbkdf2

Issue #67 resolved
Terry Chia created an issue

I maintain ​python-fastpbkdf2, a hashlib.pbkdf2_hmac compatible interface that's around 3 times faster on CPython and more than 10x faster on PyPy.

This is the benchmark I use:

#!/usr/bin/bash

echo "Benchmark hashlib..."
python -m timeit -n 100 -s "from hashlib import pbkdf2_hmac" "pbkdf2_hmac('sha1', b'password', b'salt', 100000)"

echo "Benchmark fastpbkdf2..."
python -m timeit -n 100 -s "from fastpbkdf2 import pbkdf2_hmac" "pbkdf2_hmac('sha1', b'password', b'salt', 100000)"

On CPython 3.4.1,

$ ./bench.sh
Benchmark hashlib...
100 loops, best of 3: 60.2 msec per loop
Benchmark fastpbkdf2...
100 loops, best of 3: 20.3 msec per loop

On PyPy 2.6.0:

$ ./bench.sh
Benchmark hashlib...
100 loops, best of 3: 242 msec per loop
Benchmark fastpbkdf2...
100 loops, best of 3: 19.2 msec per loop

A faster PBKDF2 implementation improves security because a higher work factor can be used for the same amount of computing power. Would a patch to switch passlib's PBKDF2 implementation to this library be accepted?

Comments (4)

  1. Eli Collins repo owner

    My apologies about the delay in responding to this; I needed to find time to look over the fastpbkdf2 code, as well as rework some bits of passlib to make alternate backends easier.

    That's a nice fast pbkdf2 implementation there :)

    As of rev ea79849bc33d, passlib's pbkdf2 code will use fastpbkdf2 if it's available.

    That'll be part of the 1.7 release, which I'll planning to get out in this or next month.

  2. Log in to comment