standards icon indicating copy to clipboard operation
standards copied to clipboard
verified publisher icon SovereignCloudStack

[BUG] passlib seems in stasis?

Open mbuechse opened this issue 4 months ago • 2 comments

passlib is used in compliance monitor. It doesn't seem to keep up with bcrypt -- see https://github.com/pyca/bcrypt/issues/684#issuecomment-1902590553

Maybe we can use bcrypt directly?

mbuechse avatar Sep 05 '25 20:09 mbuechse

Makes sense to replace with bcrypt or cryptography.

berendt avatar Sep 08 '25 07:09 berendt

So we need to replace it with

  • https://pypi.org/project/argon2-cffi/
  • https://pypi.org/project/bcrypt/

Both seem to be reasonably simple to use.

Potential resource:

  • https://foss.heptapod.net/python-libs/passlib/-/tree/branch/stable/passlib/handlers

mbuechse avatar Sep 17 '25 19:09 mbuechse