cubicweb #2103684 use passlib (?) [resolved]

passlib is a password hashing library for Python 2 & 3, which provides cross-platform implementations of over 20 password hashing algorithms, as well as a framework for managing existing password hashes. It’s designed to be useful for a large range of tasks, including:

  • quick-start password hashing for new python applications ~ quickstart guide
  • constructing a configurable hashing policy to match the needs of any python application ~ passlib.context
  • reading & writing Apache htpasswd / htdigest files ~ passlib.apache
  • creating & verifying hashes used by MySQL, PostgreSQL, OpenLDAP, and other applications ~ passlib.apps
  • creating & verifying hashes found in Unix “shadow” files ~ passlib.hosts

CW uses different hash algos on Unix and Windows, making migrations of users difficult (we need a password reset). If only for this, using passlib would be nice.

done in 3.14.7
closed by #9c59258e7798 [security] use a stronger encryption algorithm for password, keeping bw compat