How to use bcrypt / scrypt on Python App Engine?

Time: 2023-01-24 17:30:20

I want make an authentication system for my app along the lines of SUAS, except instead of using SHA256 for hashing passwords I'd like to use bcrypt or scrypt. Unfortunately both py-bcrypt and scrypt for python use native c, which is unsupported by GAE.


Any way around this?


2 solutions

#1

24

Scrypt and BCrypt are both extremely processor-intensive (by design). Because of this, I very much doubt any pure-python implementation is going to be fast enough to be secure - that is, be able to hash using a sufficient number of rounds within a reasonable amount of time.


I can personally attest to this; I've tried writing a pure-python BCrypt, and it was way too slow to be useful. The docs for the pure-python bcrypt implementation mentioned in another answer note this exact flaw - to beware of using it for actual security, its rounds must be set too low. The only time such implementations will be fast enough is under pypy, which is not the situation you're faced with.

What you want to go with is something based on an available hash primitive like SHA-2. That way the heavy calculation bit will still be able to be written in C, even under GAE. I'd recommend something based on PBKDF2 or SHA-512-Crypt (note: this is not just a plain sha512 hash). The security of the algorithms is just as good, but pure-python implementations will be much more efficient, since they can leverage hashlib to do the heavy lifting.


The Passlib library might be useful in this case; it contains implementations of PBKDF2 and SHA-512-Crypt in pure python. (Disclaimer: I'm the author of that library). Another Python library with PBKDF2 support is Cryptacular.

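The approach this answer recommends, as an added example that is not from the answer, Passlib or Cryptacular: PBKDF2-HMAC-SHA256 via the standard library's `hashlib.pbkdf2_hmac`, so the iteration loop runs in C while the surrounding code stays pure Python. The `pbkdf2_sha256$iterations$salt$hash` storage string, the 200,000 default iteration count and the `needs_rehash` upgrade check are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Storage format assumed for this example (not Passlib's):
#   pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>
# Storing salt and iteration count beside the hash lets the cost be raised
# later without breaking verification of existing records.
ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 200_000  # tune so one hash costs roughly 100 ms on the target host
SALT_BYTES = 16
DKLEN = 32


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing hash string; the heavy loop runs in hashlib's C code."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return f"{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def _parse(stored: str):
    """Split a stored string into (iterations, salt, derived key); None if malformed."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return None
    try:
        iterations = int(parts[1])
        salt, expected = bytes.fromhex(parts[2]), bytes.fromhex(parts[3])
    except ValueError:
        return None
    if iterations < 1 or not salt or not expected:
        return None
    return iterations, salt, expected


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations,
                                    dklen=len(expected))
    return hmac.compare_digest(candidate, expected)  # no early exit on first mismatching byte


def needs_rehash(stored: str, minimum_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when a record is malformed or below the current cost policy (upgrade it at next login)."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] < minimum_iterations
```

Call `needs_rehash` after a successful `verify_password` and re-store with `hash_password` to migrate old records to a higher cost.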

#2

7

This guy ported py-bcrypt to pure python so you can use it on GAE: https://github.com/erlichmen/py-bcrypt
