Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

Python 3 password hashing library

Project Description

Wachtwoord is a ridiculously simple Python 3 specific password hashing library. It was written as none of the existing password hashing libraries, most notably fshp, passlib, cryha and Bcryptor supported Python 3.

Supported Hashing Schemes

Currently only one specific hashing scheme is supported: PBKDF2.

IMPORTANT Versions up to and including 0.12 didn’t implement PBKDF2 correctly. This version implements PBKDF2 directly from the specification as detailed in RFC2898. The implementation is tested against publicized test vectors (RFC6070)

Basic Usage

As Python 3 is very strict about the distinction between unicode strings and byte strings, Wachtwoord was designed to provide a uniform interface by requiring all input to be unicode strings and generating unicode strings as output exclusively.

Wachtwoord supports all the hash functions from the hashlib module. The length of the salt (default: 32) and the number of iterations (default: 10000) are configurable.

Two Modes Of Operation

Wachtwoord has two modes of operation. One where some minor initialization (that can fail) is done separately from the hashing of a password and one where both are done in one go. The former is more convenient when multiple passwords need to be hashed one after another. The other is more convenient when hashing is incidental.

Future hashing scheme extensions to Wachtwoord might make the initialization part more expensive. For the PBKDF2 scheme the difference is very small.

Separate initialization and hashing

>>> from wachtwoord.pbkdf2 import Engine
>>> engine = Engine()
>>> hash_encoded_password = engine.hash('secret_123')
>>> print(hash_encoded_password)
>>> is_correct_password = engine.verify('secret_123', hash_encoded_password)
>>> print(is_correct_password)

The Engine object allows certain parameters to be set that influence all the hashes that are subsequently generated. For instance, say we want to use the sha256 hash function instead of the default sha512 hash function:

>>> from wachtwoord.pbkdf2 import Engine
>>> engine = Engine(digestmod='sha256')

Similarly if we want to change the salt size and number of iterations we would call Engine as follows:

>>> from wachtwoord.pbkdf2 import Engine
>>> engine = Engine(digestmod='sha256', iterations=20000, salt_size=64)

Initialization and hashing in one go

>>> from wachtwoord.pbkdf2 import hash_password, verify_password
>>> hash_encoded_password = hash_password('secret_123')
>>> print(hash_encoded_password)
>>> is_correct_password = verify_password('secret_123', hash_encoded_password)
>>> print(is_correct_password)

The fact that the initialization and hashing happen in one go does not prevent us from changing the default values. We could have called hash_password as follows:

>>> from wachtwoord.pbkdf2 import hash_password
>>> hash_encoded_password = hash_password('secret_123', digestmod='sha256', iterations=20000, salt_size=64)

Origin of the name Wachtwoord

Wachtwoord is Dutch for password.

Release History

This version
History Node


History Node


History Node


History Node


History Node


Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, Size & Hash SHA256 Hash Help File Type Python Version Upload Date
(7.2 kB) Copy SHA256 Hash SHA256
Source None Oct 16, 2013

Supported By

Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Google Google Cloud Servers DreamHost DreamHost Log Hosting