Python3 is removing crypt.crypt and not replacing it with anything

In this thread: People don&#x27;t read the PEP and make knee-jerk assumptions.<p>In the PEP (<a href="https:&#x2F;&#x2F;peps.python.org&#x2F;pep-0594&#x2F;#crypt" rel="nofollow">https:&#x2F;&#x2F;peps.python.org&#x2F;pep-0594&#x2F;#crypt</a>) it points out that this module didn&#x27;t work on Windows at all and didn&#x27;t provide any useful real-world functionality on Linux, BSD or macOS.<p>The use case mentioned in this blog (SHA512 password hashing) is considered a bad practice because unlike bcrypt, SHA512 is fast for an attacker to execute to check if a credential guess matches a hash.

The rationale mentioned here <a href="https:&#x2F;&#x2F;peps.python.org&#x2F;pep-0594&#x2F;#crypt" rel="nofollow">https:&#x2F;&#x2F;peps.python.org&#x2F;pep-0594&#x2F;#crypt</a><p>Highlight:<p>&gt; Only DES encryption is guaranteed to be available. DES has an extremely limited key space of 2*56.

It&#x27;s a remarkably gentle deprecation schedule. PEP 594 has been worked on for four and a half years. Python versions since 3.11 (released over a year ago) printed warnings. Python 3.12, with crypt, will continue to be supported for nearly five years.<p>This package says it&#x27;s a drop-in replacement for the library. <a href="https:&#x2F;&#x2F;pypi.org&#x2F;project&#x2F;py-purecrypt&#x2F;" rel="nofollow">https:&#x2F;&#x2F;pypi.org&#x2F;project&#x2F;py-purecrypt&#x2F;</a>

In the Year of our Lord 2024 we still refer to Python3 as Python3. &#x2F;meme

Unfortunately, Python minor version changes are neither forward nor backward compatible.

As part of the Internet archive, are there people who make VMs of older systems and libraries that can still open these old formats?<p>Thinking of Vernor Vinge&#x27;s information archaeologists from <i>A Fire Upon The Deep</i>.

That&#x27;s modern python. There&#x27;s really no single stable python to target anymore. Only pythons. Every project requires you to set up a container in which you just create a custom python specifically for that project.<p>Breaking feature removal is more of the same spirit. These are the consequences of popularity and rapid progress. Perl would never be forced into a corner like this and chose to break things.

IMHO, there should be a way to make de facto standard libraries included in python batteries. My (personal) short list: - requests - cryptography - numpy - pandas - tornado - plotly at least half of the top10 <a href="https:&#x2F;&#x2F;pypistats.org&#x2F;top" rel="nofollow">https:&#x2F;&#x2F;pypistats.org&#x2F;top</a> should be candidates for being included in python

They&#x27;re removing a lot more than crypt. Also, telnet, smtp, nntp, various file format support, xdr, and so on.<p>Crypt is particularly painful, since removing it will effectively cryptoshred user password databases.<p>Anyway, I&#x27;m not particularly surprised. I don&#x27;t think I&#x27;ve ever written or encountered a python script that didn&#x27;t bit-rot after six months.

Between this and the telnetlib removal, a significant amount of code I have written is going to need to be pinned to a specific version, or vendor in those features.<p>A lot of that is code to interact with weird old shit, so I guess I can’t expect upstream to maintain old shit forever.<p>I do wish Python came with a solid cryptography library “out of the box” instead of having to use PyCrypto&#x2F;Cryptodome&#x2F;Cryptography&#x2F;Whatever - and I also wish the way it’s ssl sockets module worked didn’t have weird unexpected things to do with how it handles file descriptors - you can’t just dup2 a ssl wrapped socket for example, unlike a normal socket

`cryptography` is the de facto standard crypto library for Python <a href="https:&#x2F;&#x2F;cryptography.io&#x2F;en&#x2F;latest&#x2F;" rel="nofollow">https:&#x2F;&#x2F;cryptography.io&#x2F;en&#x2F;latest&#x2F;</a>

Python core devs are succumbing to wikipedia editor disease it seems. Not the first bit of crypto functionality they&#x27;ve removed without a good alternative :(

Rage is all the rage these days, and following the PEP link he provided, the explanation is outrageous:<p>&quot;The algorithms are mostly old, of poor quality and insecure. Users are discouraged from using them.&quot;<p>Why is this post being upvoted?

I think this is a good decision -- crypto is not a standard library thing and including it in the first place was a mistake. I assume someone will take the liberty of mirroring the crypt library onto pypi and everyone can just install that if they&#x27;re worried about their code breaking. In my experience upgrading python versions always has some friction so I don&#x27;t think that&#x27;s a big ask.

LOL. Std lib removes crypto package and the answer is “copy paste this code from this blog”? How predictably awful.<p>Don’t do this. Instead, carefully analyse and evaluate well known and well tested packages to do crypto with.

*python3.13