Skip to main content

Modern password hashing for your software and your servers

Project description

bcrypt

Latest Version https://travis-ci.org/pyca/bcrypt.svg?branch=master

Modern password hashing for your software and your servers

Installation

To install bcrypt, simply:

$ pip install bcrypt

Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you’re not using pypy), and headers for the libffi libraries available on your system.

For Debian and Ubuntu, the following command will ensure that the required dependencies are installed:

$ sudo apt-get install build-essential libffi-dev python-dev

For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed:

$ sudo yum install gcc libffi-devel python-devel

Changelog

3.0.0

  • Switched the C backend to code obtained from the OpenBSD project rather than openwall.

  • Added support for bcrypt_pbkdf via the kdf function.

2.0.0

  • Added support for an adjustible prefix when calling gensalt.

  • Switched to CFFI 1.0+

Usage

Hashing

Hashing and then later checking that a password matches the previous hashed password is very simple:

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a randomly-generated salt
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt())
>>> # Check that a unhashed password matches one that has previously been
>>> #   hashed
>>> if bcrypt.hashpw(password, hashed) == hashed:
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

KDF

As of 3.0.0 bcrypt now offers a kdf function which does bcrypt_pbkdf. This KDF is used in OpenSSH’s newer encrypted private key format.

>>> import bcrypt
>>> key = bcrypt.kdf(
...     password=b'password',
...     salt=b'salt',
...     desired_key_bytes=32,
...     rounds=100)

Adjustable Work Factor

One of bcrypt’s features is an adjustable logarithmic work factor. To adjust the work factor merely pass the desired number of rounds to bcrypt.gensalt(rounds=12) which defaults to 12):

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a certain number of rounds
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14))
>>> # Check that a unhashed password matches one that has previously been
>>> #   hashed
>>> if bcrypt.hashpw(password, hashed) == hashed:
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

Adjustable Prefix

Another one of bcrypt’s features is an adjustable prefix to let you define what libraries you’ll remain compatible with. To adjust this, pass either 2a or 2b (the default) to bcrypt.gensalt(prefix=b"2b") as a bytes object.

As of 3.0.0 the $2y$ prefix is still supported in hashpw but deprecated.

Maxmimum Password Length

The bcrypt algorithm only handles passwords up to 72 characters, any characters beyond that are ignored. To work around this, a common approach is to hash a password with a cryptographic hash (such as sha256) and then base64 encode it to prevent NULL byte problems before hashing the result with bcrypt:

>>> password = b"an incredibly long password" * 10
>>> hashed = bcrypt.hashpw(
...     base64.b64encode(hashlib.sha256(password).digest()),
...     bcrypt.gensalt()
... )

Compatibility

This library should be compatible with py-bcrypt and it will run on Python 2.6+, 3.3+, and PyPy 2.6+.

C Code

This library uses code from OpenBSD.

Security

bcrypt follows the same security policy as cryptography, if you identify a vulnerability, we ask you to contact us privately.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bcrypt-3.0.0.tar.gz (34.1 kB view hashes)

Uploaded Source

Built Distributions

bcrypt-3.0.0-cp35-cp35m-win_amd64.whl (24.5 kB view hashes)

Uploaded CPython 3.5m Windows x86-64

bcrypt-3.0.0-cp35-cp35m-win32.whl (23.0 kB view hashes)

Uploaded CPython 3.5m Windows x86

bcrypt-3.0.0-cp35-cp35m-manylinux1_x86_64.whl (56.1 kB view hashes)

Uploaded CPython 3.5m

bcrypt-3.0.0-cp35-cp35m-manylinux1_i686.whl (57.1 kB view hashes)

Uploaded CPython 3.5m

bcrypt-3.0.0-cp35-cp35m-macosx_10_6_intel.whl (49.6 kB view hashes)

Uploaded CPython 3.5m macOS 10.6+ intel

bcrypt-3.0.0-cp34-cp34m-win_amd64.whl (23.2 kB view hashes)

Uploaded CPython 3.4m Windows x86-64

bcrypt-3.0.0-cp34-cp34m-win32.whl (22.8 kB view hashes)

Uploaded CPython 3.4m Windows x86

bcrypt-3.0.0-cp34-cp34m-manylinux1_x86_64.whl (55.9 kB view hashes)

Uploaded CPython 3.4m

bcrypt-3.0.0-cp34-cp34m-manylinux1_i686.whl (57.0 kB view hashes)

Uploaded CPython 3.4m

bcrypt-3.0.0-cp34-cp34m-macosx_10_6_intel.whl (49.6 kB view hashes)

Uploaded CPython 3.4m macOS 10.6+ intel

bcrypt-3.0.0-cp33-cp33m-win_amd64.whl (23.2 kB view hashes)

Uploaded CPython 3.3m Windows x86-64

bcrypt-3.0.0-cp33-cp33m-win32.whl (22.8 kB view hashes)

Uploaded CPython 3.3m Windows x86

bcrypt-3.0.0-cp33-cp33m-manylinux1_x86_64.whl (55.7 kB view hashes)

Uploaded CPython 3.3m

bcrypt-3.0.0-cp33-cp33m-manylinux1_i686.whl (56.7 kB view hashes)

Uploaded CPython 3.3m

bcrypt-3.0.0-cp33-cp33m-macosx_10_6_intel.whl (49.6 kB view hashes)

Uploaded CPython 3.3m macOS 10.6+ intel

bcrypt-3.0.0-cp27-cp27mu-manylinux1_x86_64.whl (55.8 kB view hashes)

Uploaded CPython 2.7mu

bcrypt-3.0.0-cp27-cp27mu-manylinux1_i686.whl (56.9 kB view hashes)

Uploaded CPython 2.7mu

bcrypt-3.0.0-cp27-cp27mu-macosx_10_10_x86_64.whl (27.7 kB view hashes)

Uploaded CPython 2.7mu macOS 10.10+ x86-64

bcrypt-3.0.0-cp27-cp27m-win_amd64.whl (23.1 kB view hashes)

Uploaded CPython 2.7m Windows x86-64

bcrypt-3.0.0-cp27-cp27m-win32.whl (22.7 kB view hashes)

Uploaded CPython 2.7m Windows x86

bcrypt-3.0.0-cp27-cp27m-manylinux1_x86_64.whl (55.8 kB view hashes)

Uploaded CPython 2.7m

bcrypt-3.0.0-cp27-cp27m-manylinux1_i686.whl (56.9 kB view hashes)

Uploaded CPython 2.7m

bcrypt-3.0.0-cp27-cp27m-macosx_10_6_intel.whl (49.6 kB view hashes)

Uploaded CPython 2.7m macOS 10.6+ intel

bcrypt-3.0.0-cp26-cp26mu-manylinux1_x86_64.whl (55.8 kB view hashes)

Uploaded CPython 2.6mu

bcrypt-3.0.0-cp26-cp26mu-manylinux1_i686.whl (56.8 kB view hashes)

Uploaded CPython 2.6mu

bcrypt-3.0.0-cp26-cp26m-win_amd64.whl (23.4 kB view hashes)

Uploaded CPython 2.6m Windows x86-64

bcrypt-3.0.0-cp26-cp26m-win32.whl (22.9 kB view hashes)

Uploaded CPython 2.6m Windows x86

bcrypt-3.0.0-cp26-cp26m-manylinux1_x86_64.whl (55.8 kB view hashes)

Uploaded CPython 2.6m

bcrypt-3.0.0-cp26-cp26m-manylinux1_i686.whl (56.8 kB view hashes)

Uploaded CPython 2.6m

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page