Skip to main content

Modern password hashing for your software and your servers

Project description

bcrypt

Latest Version https://travis-ci.org/pyca/bcrypt.svg?branch=master https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=master

Good password hashing for your software and your servers

Installation

To install bcrypt, simply:

$ pip install bcrypt

Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you’re not using pypy), and headers for the libffi libraries available on your system.

For Debian and Ubuntu, the following command will ensure that the required dependencies are installed:

$ sudo apt-get install build-essential libffi-dev python-dev

For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed:

$ sudo yum install gcc libffi-devel python-devel

For Alpine, the following command will ensure that the required dependencies are installed:

$ apk add --update musl-dev gcc libffi-dev

Alternatives

While bcrypt remains a good choice for password storage depending on your specific use case you may also want to consider using scrypt (either via standard library or cryptography) or argon2id via argon2_cffi.

Changelog

3.2.0

  • Added typehints for library functions.

  • Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5).

  • Shipped abi3 Windows wheels (requires pip >= 20).

3.1.7

  • Set a setuptools lower bound for PEP517 wheel building.

  • We no longer distribute 32-bit manylinux1 wheels. Continuing to produce them was a maintenance burden.

3.1.6

  • Added support for compilation on Haiku.

3.1.5

  • Added support for compilation on AIX.

  • Dropped Python 2.6 and 3.3 support.

  • Switched to using abi3 wheels for Python 3. If you are not getting a wheel on a compatible platform please upgrade your pip version.

3.1.4

  • Fixed compilation with mingw and on illumos.

3.1.3

  • Fixed a compilation issue on Solaris.

  • Added a warning when using too few rounds with kdf.

3.1.2

  • Fixed a compile issue affecting big endian platforms.

  • Fixed invalid escape sequence warnings on Python 3.6.

  • Fixed building in non-UTF8 environments on Python 2.

3.1.1

  • Resolved a UserWarning when used with cffi 1.8.3.

3.1.0

  • Added support for checkpw, a convenience method for verifying a password.

  • Ensure that you get a $2y$ hash when you input a $2y$ salt.

  • Fixed a regression where $2a hashes were vulnerable to a wraparound bug.

  • Fixed compilation under Alpine Linux.

3.0.0

  • Switched the C backend to code obtained from the OpenBSD project rather than openwall.

  • Added support for bcrypt_pbkdf via the kdf function.

2.0.0

  • Added support for an adjustible prefix when calling gensalt.

  • Switched to CFFI 1.0+

Usage

Password Hashing

Hashing and then later checking that a password matches the previous hashed password is very simple:

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a randomly-generated salt
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt())
>>> # Check that an unhashed password matches one that has previously been
>>> # hashed
>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

KDF

As of 3.0.0 bcrypt now offers a kdf function which does bcrypt_pbkdf. This KDF is used in OpenSSH’s newer encrypted private key format.

>>> import bcrypt
>>> key = bcrypt.kdf(
...     password=b'password',
...     salt=b'salt',
...     desired_key_bytes=32,
...     rounds=100)

Adjustable Work Factor

One of bcrypt’s features is an adjustable logarithmic work factor. To adjust the work factor merely pass the desired number of rounds to bcrypt.gensalt(rounds=12) which defaults to 12):

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a certain number of rounds
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14))
>>> # Check that a unhashed password matches one that has previously been
>>> #   hashed
>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

Adjustable Prefix

Another one of bcrypt’s features is an adjustable prefix to let you define what libraries you’ll remain compatible with. To adjust this, pass either 2a or 2b (the default) to bcrypt.gensalt(prefix=b"2b") as a bytes object.

As of 3.0.0 the $2y$ prefix is still supported in hashpw but deprecated.

Maximum Password Length

The bcrypt algorithm only handles passwords up to 72 characters, any characters beyond that are ignored. To work around this, a common approach is to hash a password with a cryptographic hash (such as sha256) and then base64 encode it to prevent NULL byte problems before hashing the result with bcrypt:

>>> password = b"an incredibly long password" * 10
>>> hashed = bcrypt.hashpw(
...     base64.b64encode(hashlib.sha256(password).digest()),
...     bcrypt.gensalt()
... )

Compatibility

This library should be compatible with py-bcrypt and it will run on Python 3.6+, and PyPy 3.

C Code

This library uses code from OpenBSD.

Security

bcrypt follows the same security policy as cryptography, if you identify a vulnerability, we ask you to contact us privately.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bcrypt-3.2.0.tar.gz (42.4 kB view details)

Uploaded Source

Built Distributions

bcrypt-3.2.0-cp36-abi3-win_amd64.whl (28.9 kB view details)

Uploaded CPython 3.6+ Windows x86-64

bcrypt-3.2.0-cp36-abi3-win32.whl (27.3 kB view details)

Uploaded CPython 3.6+ Windows x86

bcrypt-3.2.0-cp36-abi3-musllinux_1_1_x86_64.whl (61.6 kB view details)

Uploaded CPython 3.6+ musllinux: musl 1.1+ x86-64

bcrypt-3.2.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl (61.9 kB view details)

Uploaded CPython 3.6+ manylinux: glibc 2.17+ x86-64 manylinux: glibc 2.24+ x86-64

bcrypt-3.2.0-cp36-abi3-manylinux2014_aarch64.whl (56.8 kB view details)

Uploaded CPython 3.6+

bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl (63.9 kB view details)

Uploaded CPython 3.6+ manylinux: glibc 2.12+ x86-64

bcrypt-3.2.0-cp36-abi3-manylinux1_x86_64.whl (63.9 kB view details)

Uploaded CPython 3.6+

bcrypt-3.2.0-cp36-abi3-macosx_10_10_universal2.whl (49.6 kB view details)

Uploaded CPython 3.6+ macOS 10.10+ universal2 (ARM64, x86-64)

bcrypt-3.2.0-cp36-abi3-macosx_10_9_x86_64.whl (31.9 kB view details)

Uploaded CPython 3.6+ macOS 10.9+ x86-64

File details

Details for the file bcrypt-3.2.0.tar.gz.

File metadata

  • Download URL: bcrypt-3.2.0.tar.gz
  • Upload date:
  • Size: 42.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3

File hashes

Hashes for bcrypt-3.2.0.tar.gz
Algorithm Hash digest
SHA256 5b93c1726e50a93a033c36e5ca7fdcd29a5c7395af50a6892f5d9e7c6cfbfb29
MD5 fe31390dab603728f756cd3d6830c80a
BLAKE2b-256 d8ba21c475ead997ee21502d30f76fd93ad8d5858d19a3fad7cd153de698c4dd

See more details on using hashes here.

File details

Details for the file bcrypt-3.2.0-cp36-abi3-win_amd64.whl.

File metadata

  • Download URL: bcrypt-3.2.0-cp36-abi3-win_amd64.whl
  • Upload date:
  • Size: 28.9 kB
  • Tags: CPython 3.6+, Windows x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3

File hashes

Hashes for bcrypt-3.2.0-cp36-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 81fec756feff5b6818ea7ab031205e1d323d8943d237303baca2c5f9c7846f34
MD5 69fd9b79403ac778e6bdc0f1500bc592
BLAKE2b-256 218ded20081491e71f078e61804fe0c8250167008cf3ff594e1fb396cf138f2b

See more details on using hashes here.

File details

Details for the file bcrypt-3.2.0-cp36-abi3-win32.whl.

File metadata

  • Download URL: bcrypt-3.2.0-cp36-abi3-win32.whl
  • Upload date:
  • Size: 27.3 kB
  • Tags: CPython 3.6+, Windows x86
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3

File hashes

Hashes for bcrypt-3.2.0-cp36-abi3-win32.whl
Algorithm Hash digest
SHA256 a67fb841b35c28a59cebed05fbd3e80eea26e6d75851f0574a9273c80f3e9b55
MD5 26cac137ba4bd6cdc00bd264bb3b739d
BLAKE2b-256 74a51812e225ef3d0e59fb24662f922a1a756111e8b75dd65d9b168441017007

See more details on using hashes here.

File details

Details for the file bcrypt-3.2.0-cp36-abi3-musllinux_1_1_x86_64.whl.

File metadata

  • Download URL: bcrypt-3.2.0-cp36-abi3-musllinux_1_1_x86_64.whl
  • Upload date:
  • Size: 61.6 kB
  • Tags: CPython 3.6+, musllinux: musl 1.1+ x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.10.1

File hashes

Hashes for bcrypt-3.2.0-cp36-abi3-musllinux_1_1_x86_64.whl
Algorithm Hash digest
SHA256 56e5da069a76470679f312a7d3d23deb3ac4519991a0361abc11da837087b61d
MD5 190bee69ef264a126f5b34a487f488c2
BLAKE2b-256 6623f0e4f9f37c00bbebb9014e3daaa8ca40561fef4a3dc12aee3643248c4208

See more details on using hashes here.

File details

Details for the file bcrypt-3.2.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl.

File metadata

File hashes

Hashes for bcrypt-3.2.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl
Algorithm Hash digest
SHA256 a0584a92329210fcd75eb8a3250c5a941633f8bfaf2a18f81009b097732839b7
MD5 06d4ae90f71f53f6081d8e7fd2cd560e
BLAKE2b-256 c075323f3e9e051726cef8a1d71d340a208ed5fe9dbdebc13b83428355c1382e

See more details on using hashes here.

File details

Details for the file bcrypt-3.2.0-cp36-abi3-manylinux2014_aarch64.whl.

File metadata

  • Download URL: bcrypt-3.2.0-cp36-abi3-manylinux2014_aarch64.whl
  • Upload date:
  • Size: 56.8 kB
  • Tags: CPython 3.6+
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3

File hashes

Hashes for bcrypt-3.2.0-cp36-abi3-manylinux2014_aarch64.whl
Algorithm Hash digest
SHA256 cdcdcb3972027f83fe24a48b1e90ea4b584d35f1cc279d76de6fc4b13376239d
MD5 ea2dacf212705252390ee01dcef82337
BLAKE2b-256 b596a2819de4faae6b6339a398ab1354770bf8fa532a5e0df0e2f08481fdb670

See more details on using hashes here.

File details

Details for the file bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl.

File metadata

  • Download URL: bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl
  • Upload date:
  • Size: 63.9 kB
  • Tags: CPython 3.6+, manylinux: glibc 2.12+ x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3

File hashes

Hashes for bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl
Algorithm Hash digest
SHA256 cd1ea2ff3038509ea95f687256c46b79f5fc382ad0aa3664d200047546d511d1
MD5 cc5290aad33c237b4b2b4e74293c4eea
BLAKE2b-256 26706d218afbe4c73538053c1016dd631e8f25fffc10cd01f5c272d7acf3c03d

See more details on using hashes here.

File details

Details for the file bcrypt-3.2.0-cp36-abi3-manylinux1_x86_64.whl.

File metadata

  • Download URL: bcrypt-3.2.0-cp36-abi3-manylinux1_x86_64.whl
  • Upload date:
  • Size: 63.9 kB
  • Tags: CPython 3.6+
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3

File hashes

Hashes for bcrypt-3.2.0-cp36-abi3-manylinux1_x86_64.whl
Algorithm Hash digest
SHA256 63d4e3ff96188e5898779b6057878fecf3f11cfe6ec3b313ea09955d587ec7a7
MD5 1eed0c43ffe8a4f1429559eaf34ac701
BLAKE2b-256 52a751ab6481ac355517696477889d8ab232106a0ddadda642c54e47a2ab40b9

See more details on using hashes here.

File details

Details for the file bcrypt-3.2.0-cp36-abi3-macosx_10_10_universal2.whl.

File metadata

  • Download URL: bcrypt-3.2.0-cp36-abi3-macosx_10_10_universal2.whl
  • Upload date:
  • Size: 49.6 kB
  • Tags: CPython 3.6+, macOS 10.10+ universal2 (ARM64, x86-64)
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.10.1

File hashes

Hashes for bcrypt-3.2.0-cp36-abi3-macosx_10_10_universal2.whl
Algorithm Hash digest
SHA256 b589229207630484aefe5899122fb938a5b017b0f4349f769b8c13e78d99a8fd
MD5 c785b14eb9f203fb36e42ac60358102a
BLAKE2b-256 6d419c68492335dc668066a420b1fb1809f24b933e74807142f9e2dd38dafe4b

See more details on using hashes here.

File details

Details for the file bcrypt-3.2.0-cp36-abi3-macosx_10_9_x86_64.whl.

File metadata

  • Download URL: bcrypt-3.2.0-cp36-abi3-macosx_10_9_x86_64.whl
  • Upload date:
  • Size: 31.9 kB
  • Tags: CPython 3.6+, macOS 10.9+ x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3

File hashes

Hashes for bcrypt-3.2.0-cp36-abi3-macosx_10_9_x86_64.whl
Algorithm Hash digest
SHA256 c95d4cbebffafcdd28bd28bb4e25b31c50f6da605c81ffd9ad8a3d1b2ab7b1b6
MD5 bacdb21e8f9c7dab81501c74fc27d7b3
BLAKE2b-256 bf6a0afb1e04aebd4c3ceae630a87a55fbfbbd94dea4eaf01e53d36743c85f02

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page