Skip to main content

Modern password hashing for your software and your servers

Project description

bcrypt

Latest Version https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=main

Acceptable password hashing for your software and your servers

Installation

To install bcrypt, simply:

$ pip install bcrypt

Note that bcrypt should build very easily on Linux provided you have a C compiler and a Rust compiler (the minimum supported Rust version is 1.56.0).

For Debian and Ubuntu, the following command will ensure that the required dependencies are installed:

$ sudo apt-get install build-essential cargo

For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed:

$ sudo yum install gcc cargo

For Alpine, the following command will ensure that the required dependencies are installed:

$ apk add --update musl-dev gcc cargo

Alternatives

While bcrypt remains an acceptable choice for password storage, depending on your specific use case you may also want to consider using scrypt (either via standard library or cryptography) or argon2id via argon2_cffi.

Changelog

4.0.0

  • bcrypt is now implemented in Rust. Users building from source will need to have a Rust compiler available. Nothing will change for users downloading wheels.

  • We no longer ship manylinux2010 wheels. Users should upgrade to the latest pip to ensure this doesn’t cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms.

  • NUL bytes are now allowed in inputs.

3.2.2

  • Fixed packaging of py.typed files in wheels so that mypy works.

3.2.1

  • Added support for compilation on z/OS

  • The next release of bcrypt with be 4.0 and it will require Rust at compile time, for users building from source. There will be no additional requirement for users who are installing from wheels. Users on most platforms will be able to obtain a wheel by making sure they have an up to date pip. The minimum supported Rust version will be 1.56.0.

  • This will be the final release for which we ship manylinux2010 wheels. Going forward the minimum supported manylinux ABI for our wheels will be manylinux2014. The vast majority of users will continue to receive manylinux wheels provided they have an up to date pip.

3.2.0

  • Added typehints for library functions.

  • Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5).

  • Shipped abi3 Windows wheels (requires pip >= 20).

3.1.7

  • Set a setuptools lower bound for PEP517 wheel building.

  • We no longer distribute 32-bit manylinux1 wheels. Continuing to produce them was a maintenance burden.

3.1.6

  • Added support for compilation on Haiku.

3.1.5

  • Added support for compilation on AIX.

  • Dropped Python 2.6 and 3.3 support.

  • Switched to using abi3 wheels for Python 3. If you are not getting a wheel on a compatible platform please upgrade your pip version.

3.1.4

  • Fixed compilation with mingw and on illumos.

3.1.3

  • Fixed a compilation issue on Solaris.

  • Added a warning when using too few rounds with kdf.

3.1.2

  • Fixed a compile issue affecting big endian platforms.

  • Fixed invalid escape sequence warnings on Python 3.6.

  • Fixed building in non-UTF8 environments on Python 2.

3.1.1

  • Resolved a UserWarning when used with cffi 1.8.3.

3.1.0

  • Added support for checkpw, a convenience method for verifying a password.

  • Ensure that you get a $2y$ hash when you input a $2y$ salt.

  • Fixed a regression where $2a hashes were vulnerable to a wraparound bug.

  • Fixed compilation under Alpine Linux.

3.0.0

  • Switched the C backend to code obtained from the OpenBSD project rather than openwall.

  • Added support for bcrypt_pbkdf via the kdf function.

2.0.0

  • Added support for an adjustible prefix when calling gensalt.

  • Switched to CFFI 1.0+

Usage

Password Hashing

Hashing and then later checking that a password matches the previous hashed password is very simple:

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a randomly-generated salt
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt())
>>> # Check that an unhashed password matches one that has previously been
>>> # hashed
>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

KDF

As of 3.0.0 bcrypt now offers a kdf function which does bcrypt_pbkdf. This KDF is used in OpenSSH’s newer encrypted private key format.

>>> import bcrypt
>>> key = bcrypt.kdf(
...     password=b'password',
...     salt=b'salt',
...     desired_key_bytes=32,
...     rounds=100)

Adjustable Work Factor

One of bcrypt’s features is an adjustable logarithmic work factor. To adjust the work factor merely pass the desired number of rounds to bcrypt.gensalt(rounds=12) which defaults to 12):

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a certain number of rounds
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14))
>>> # Check that a unhashed password matches one that has previously been
>>> #   hashed
>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

Adjustable Prefix

Another one of bcrypt’s features is an adjustable prefix to let you define what libraries you’ll remain compatible with. To adjust this, pass either 2a or 2b (the default) to bcrypt.gensalt(prefix=b"2b") as a bytes object.

As of 3.0.0 the $2y$ prefix is still supported in hashpw but deprecated.

Maximum Password Length

The bcrypt algorithm only handles passwords up to 72 characters, any characters beyond that are ignored. To work around this, a common approach is to hash a password with a cryptographic hash (such as sha256) and then base64 encode it to prevent NULL byte problems before hashing the result with bcrypt:

>>> password = b"an incredibly long password" * 10
>>> hashed = bcrypt.hashpw(
...     base64.b64encode(hashlib.sha256(password).digest()),
...     bcrypt.gensalt()
... )

Compatibility

This library should be compatible with py-bcrypt and it will run on Python 3.6+, and PyPy 3.

C Code

This library uses code from OpenBSD.

Security

bcrypt follows the same security policy as cryptography, if you identify a vulnerability, we ask you to contact us privately.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bcrypt-4.0.0.tar.gz (25.2 kB view details)

Uploaded Source

Built Distributions

bcrypt-4.0.0-cp36-abi3-win_amd64.whl (153.1 kB view details)

Uploaded CPython 3.6+Windows x86-64

bcrypt-4.0.0-cp36-abi3-win32.whl (159.9 kB view details)

Uploaded CPython 3.6+Windows x86

bcrypt-4.0.0-cp36-abi3-musllinux_1_1_x86_64.whl (624.6 kB view details)

Uploaded CPython 3.6+musllinux: musl 1.1+ x86-64

bcrypt-4.0.0-cp36-abi3-musllinux_1_1_aarch64.whl (614.6 kB view details)

Uploaded CPython 3.6+musllinux: musl 1.1+ ARM64

bcrypt-4.0.0-cp36-abi3-manylinux_2_28_x86_64.whl (594.4 kB view details)

Uploaded CPython 3.6+manylinux: glibc 2.28+ x86-64

bcrypt-4.0.0-cp36-abi3-manylinux_2_28_aarch64.whl (584.8 kB view details)

Uploaded CPython 3.6+manylinux: glibc 2.28+ ARM64

bcrypt-4.0.0-cp36-abi3-manylinux_2_24_x86_64.whl (594.0 kB view details)

Uploaded CPython 3.6+manylinux: glibc 2.24+ x86-64

bcrypt-4.0.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (594.1 kB view details)

Uploaded CPython 3.6+manylinux: glibc 2.17+ x86-64

bcrypt-4.0.0-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (584.3 kB view details)

Uploaded CPython 3.6+manylinux: glibc 2.17+ ARM64

bcrypt-4.0.0-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl (584.3 kB view details)

Uploaded CPython 3.6+manylinux: glibc 2.17+ ARM64manylinux: glibc 2.24+ ARM64

bcrypt-4.0.0-cp36-abi3-macosx_10_10_universal2.whl (475.0 kB view details)

Uploaded CPython 3.6+macOS 10.10+ universal2 (ARM64, x86-64)

File details

Details for the file bcrypt-4.0.0.tar.gz.

File metadata

  • Download URL: bcrypt-4.0.0.tar.gz
  • Upload date:
  • Size: 25.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.10.1

File hashes

Hashes for bcrypt-4.0.0.tar.gz
Algorithm Hash digest
SHA256 c59c170fc9225faad04dde1ba61d85b413946e8ce2e5f5f5ff30dfd67283f319
MD5 5c39e0a4762a3d36afc5ab62baac24e4
BLAKE2b-256 99f2b71b9b5b2400fffac7d42c560ac89f302c4d8e328337b2f05f0a4d9e590d

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-win_amd64.whl.

File metadata

  • Download URL: bcrypt-4.0.0-cp36-abi3-win_amd64.whl
  • Upload date:
  • Size: 153.1 kB
  • Tags: CPython 3.6+, Windows x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.10.1

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 0b0f0c7141622a31e9734b7f649451147c04ebb5122327ac0bd23744df84be90
MD5 eba5962c0468c128fe141bb60478363d
BLAKE2b-256 b1f98c8e387e1c560448ada45266b6457be8949e58a0b5cb59e36d7506546139

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-win32.whl.

File metadata

  • Download URL: bcrypt-4.0.0-cp36-abi3-win32.whl
  • Upload date:
  • Size: 159.9 kB
  • Tags: CPython 3.6+, Windows x86
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.10.1

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-win32.whl
Algorithm Hash digest
SHA256 dc6ec3dc19b1c193b2f7cf279d3e32e7caf447532fbcb7af0906fe4398900c33
MD5 04e7caddd1600788635b7d36998c0fa1
BLAKE2b-256 b346fe43bd0912f884c91532e7b3f30923bf43861509b1796f38e1ff841b9653

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-musllinux_1_1_x86_64.whl.

File metadata

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-musllinux_1_1_x86_64.whl
Algorithm Hash digest
SHA256 ede0f506554571c8eda80db22b83c139303ec6b595b8f60c4c8157bdd0bdee36
MD5 edb2a02853bbe01cf1df1466ae7bbfe2
BLAKE2b-256 f4544bf31e9b77b1c64b3d45cd04d42dbac6b31e9599174d5429238a7a5913d8

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-musllinux_1_1_aarch64.whl.

File metadata

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-musllinux_1_1_aarch64.whl
Algorithm Hash digest
SHA256 bf413f2a9b0a2950fc750998899013f2e718d20fa4a58b85ca50b6df5ed1bbf9
MD5 45ad77dee5b828e40b5dc56be2a43c4c
BLAKE2b-256 3ac4085d1cbe08f2ac4933db949d5ad9d6d0210e451948e06f247857ab97c1f7

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-manylinux_2_28_x86_64.whl.

File metadata

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-manylinux_2_28_x86_64.whl
Algorithm Hash digest
SHA256 2d0dd19aad87e4ab882ef1d12df505f4c52b28b69666ce83c528f42c07379227
MD5 bbce24eaae9d9629a6ff4241f40ef931
BLAKE2b-256 95d1cdfcf698433b03af76df3f1ee15c840b1f6e54dcdd5a390a6d581d512ec4

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 594780b364fb45f2634c46ec8d3e61c1c0f1811c4f2da60e8eb15594ecbf93ed
MD5 b6ccde0f5523d37cc6fcef93d2f2f639
BLAKE2b-256 7ed973369b68fba1a4c1c6977a98466af2872b3b81ec3de341cbd8222825ee8a

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-manylinux_2_24_x86_64.whl.

File metadata

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-manylinux_2_24_x86_64.whl
Algorithm Hash digest
SHA256 7c7dd6c1f05bf89e65261d97ac3a6520f34c2acb369afb57e3ea4449be6ff8fd
MD5 3c110807074491fcae2914dd88016615
BLAKE2b-256 19c1c808dc7bacc620fefa7e7f573fc6b26b5b3030afe5fea7b16e8d87b4be44

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 bfb67f6a6c72dfb0a02f3df51550aa1862708e55128b22543e2b42c74f3620d7
MD5 6dc49509ee7518d560787d19d991e3d0
BLAKE2b-256 c57714bbcd08ad265577ad6ea8e8980b9c0ad668cecfd241ae169b6747c4491b

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl.

File metadata

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm Hash digest
SHA256 1c3334446fac200499e8bc04a530ce3cf0b3d7151e0e4ac5c0dddd3d95e97843
MD5 128d1973966a2b470b051c42d536bce5
BLAKE2b-256 54e564354519c6e6aee70994b9a948b7e823b4012bc7f08a614456c3517560a9

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl.

File metadata

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl
Algorithm Hash digest
SHA256 8780e69f9deec9d60f947b169507d2c9816e4f11548f1f7ebee2af38b9b22ae4
MD5 9dae9cb127e132fe798ed2e167607139
BLAKE2b-256 ddbe70eee1a2a62b1986e9a60f74b0d7e095bc50fd7cd67109fd82377fa22b90

See more details on using hashes here.

File details

Details for the file bcrypt-4.0.0-cp36-abi3-macosx_10_10_universal2.whl.

File metadata

File hashes

Hashes for bcrypt-4.0.0-cp36-abi3-macosx_10_10_universal2.whl
Algorithm Hash digest
SHA256 845b1daf4df2dd94d2fdbc9454953ca9dd0e12970a0bfc9f3dcc6faea3fa96e4
MD5 ae737ca8b286a037e2c261466f7568ad
BLAKE2b-256 877bb9bda96f6fc870d1125f8c259bf905510f526b9dbeed4ef2a0df6e0106dc

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page