diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-04 22:47:21 +0530 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-04 13:17:21 -0400 |
commit | 05992f6a7c18b8c832b51aee44d1052749ef52af (patch) | |
tree | 36295c6e9387fc14797df393b645bf1b86c1e1b9 | |
parent | 4dc6f0a72af2f5163a20acd573c6faa95e6fb06d (diff) | |
download | py-bcrypt-git-05992f6a7c18b8c832b51aee44d1052749ef52af.tar.gz |
update the readme to note alternatives but still say bcrypt is good (#151)
* update the readme to note alternatives but still say bcrypt is good
* readme can say cryptography
* fix a nit, let me sleep alex!
-rw-r--r-- | README.rst | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -8,7 +8,7 @@ bcrypt .. image:: https://travis-ci.org/pyca/bcrypt.svg?branch=master :target: https://travis-ci.org/pyca/bcrypt -Modern password hashing for your software and your servers +Good password hashing for your software and your servers Installation @@ -34,6 +34,11 @@ For Fedora and RHEL-derivatives, the following command will ensure that the requ $ sudo yum install gcc libffi-devel python-devel +Alternatives +============ + +While bcrypt remains a good choice for password storage depending on your specific use case you may also want to consider using scrypt (either via `standard library`_ or `cryptography`_) or argon2id via `argon2_cffi`_. + Changelog ========= @@ -177,3 +182,6 @@ Security identify a vulnerability, we ask you to contact us privately. .. _`same security policy as cryptography`: https://cryptography.io/en/latest/security/ +.. _`standard library`: https://docs.python.org/3/library/hashlib.html#hashlib.scrypt +.. _`argon2_cffi`: https://argon2-cffi.readthedocs.io +.. _`cryptography`: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt |