Modern(-ish) password hashing for your software and your servers

Related tags

Cryptographypython
Overview

bcrypt

Latest Version https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=master

Good password hashing for your software and your servers

Installation

To install bcrypt, simply:

$ pip install bcrypt

Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you're not using pypy), and headers for the libffi libraries available on your system.

For Debian and Ubuntu, the following command will ensure that the required dependencies are installed:

$ sudo apt-get install build-essential libffi-dev python-dev

For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed:

$ sudo yum install gcc libffi-devel python-devel

For Alpine, the following command will ensure that the required dependencies are installed:

$ apk add --update musl-dev gcc libffi-dev

Alternatives

While bcrypt remains a good choice for password storage depending on your specific use case you may also want to consider using scrypt (either via standard library or cryptography) or argon2id via argon2_cffi.

Changelog

UNRELEASED

3.2.0

  • Added typehints for library functions.
  • Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5).
  • Shipped abi3 Windows wheels (requires pip >= 20).

3.1.7

  • Set a setuptools lower bound for PEP517 wheel building.
  • We no longer distribute 32-bit manylinux1 wheels. Continuing to produce them was a maintenance burden.

3.1.6

  • Added support for compilation on Haiku.

3.1.5

  • Added support for compilation on AIX.
  • Dropped Python 2.6 and 3.3 support.
  • Switched to using abi3 wheels for Python 3. If you are not getting a wheel on a compatible platform please upgrade your pip version.

3.1.4

  • Fixed compilation with mingw and on illumos.

3.1.3

  • Fixed a compilation issue on Solaris.
  • Added a warning when using too few rounds with kdf.

3.1.2

  • Fixed a compile issue affecting big endian platforms.
  • Fixed invalid escape sequence warnings on Python 3.6.
  • Fixed building in non-UTF8 environments on Python 2.

3.1.1

  • Resolved a UserWarning when used with cffi 1.8.3.

3.1.0

  • Added support for checkpw, a convenience method for verifying a password.
  • Ensure that you get a $2y$ hash when you input a $2y$ salt.
  • Fixed a regression where $2a hashes were vulnerable to a wraparound bug.
  • Fixed compilation under Alpine Linux.

3.0.0

  • Switched the C backend to code obtained from the OpenBSD project rather than openwall.
  • Added support for bcrypt_pbkdf via the kdf function.

2.0.0

  • Added support for an adjustible prefix when calling gensalt.
  • Switched to CFFI 1.0+

Usage

Password Hashing

Hashing and then later checking that a password matches the previous hashed password is very simple:

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a randomly-generated salt
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt())
>>> # Check that an unhashed password matches one that has previously been
>>> # hashed
>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

KDF

As of 3.0.0 bcrypt now offers a kdf function which does bcrypt_pbkdf. This KDF is used in OpenSSH's newer encrypted private key format.

>>> import bcrypt
>>> key = bcrypt.kdf(
...     password=b'password',
...     salt=b'salt',
...     desired_key_bytes=32,
...     rounds=100)

Adjustable Work Factor

One of bcrypt's features is an adjustable logarithmic work factor. To adjust the work factor merely pass the desired number of rounds to bcrypt.gensalt(rounds=12) which defaults to 12):

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a certain number of rounds
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14))
>>> # Check that a unhashed password matches one that has previously been
>>> #   hashed
>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

Adjustable Prefix

Another one of bcrypt's features is an adjustable prefix to let you define what libraries you'll remain compatible with. To adjust this, pass either 2a or 2b (the default) to bcrypt.gensalt(prefix=b"2b") as a bytes object.

As of 3.0.0 the $2y$ prefix is still supported in hashpw but deprecated.

Maximum Password Length

The bcrypt algorithm only handles passwords up to 72 characters, any characters beyond that are ignored. To work around this, a common approach is to hash a password with a cryptographic hash (such as sha256) and then base64 encode it to prevent NULL byte problems before hashing the result with bcrypt:

>>> password = b"an incredibly long password" * 10
>>> hashed = bcrypt.hashpw(
...     base64.b64encode(hashlib.sha256(password).digest()),
...     bcrypt.gensalt()
... )

Compatibility

This library should be compatible with py-bcrypt and it will run on Python 3.6+, and PyPy 3.

C Code

This library uses code from OpenBSD.

Security

bcrypt follows the same security policy as cryptography, if you identify a vulnerability, we ask you to contact us privately.

Owner
Python Cryptographic Authority
Python Cryptographic Authority
This demo is an on-chain NFT auction using smart contracts on the Algorand blockchain.

Algorand Auction Demo This demo is an on-chain NFT auction using smart contracts on the Algorand blockchain. Usage The file auction/operations.py prov

1 Jan 27, 2022
PyCrypter , A Tool To Encrypt/Decrypt Text/Code With Ease And Safe Using Password !

PyCrypter PyCrypter , A Tool To Encrypt/Decrypt Text/Code With Ease And Safe Using Password ! Requirements pyfiglet And colorama Usage First Clone The

1 Nov 12, 2021
Solutions to all 6 programming assignments in Dan Boneh's course Cryptography I, in statically typed Python.

Solutions to Cryptography I programming exercises Dan Boneh from Stanford University has an excellent online course on cryptography, hosted on Courser

Axel Lindeberg 8 Dec 16, 2022
PeGuard - Windows PE crypter and packing utility

PEGUARD PEGUARD is a file crypter and packing utility. This project was original

11 Nov 28, 2022
This is a Sharding Simulator to study blockchain scalability

Sharding Simulator This is a Sharding Simulator to study blockchain scalability. How to run on Ubuntu First make sure you have the header file for Pyt

1 Jan 23, 2022
DCAStack: an Automated Dollar Cost Averaging Bot for Your Crypto

Welcome to DCA Stack! An Automated Dollar Cost Averaging Bot For Your Crypto Web

0 Sep 03, 2022
Generate bitcoin public and private keys and check if they match a filelist of existing addresses that have a nonzero balance

btc-heist Running Install deps, i.e., python3 -m pip install -r requirements.txt Download the CSV dump of all bitcoin addresses with a balance and cut

Denis Khoshaba 103 Dec 05, 2022
Calculate your taxes from cryptocurrency gains

CoinTaxman helps you to bring your income from crypto trading, lending, ... into your tax declaration.

Jeppy 118 Dec 26, 2022
In this repository there are two types of code files

encryption-decryption In this repository there are two types of code files Me Friend Code in the 'Me' file can use for encryption and Code in the 'Fri

Vicksura Dulhan Perera 1 Nov 22, 2021
J. Brandon Walker 1 May 13, 2022
🔑 Password manager and password generator

Password-Manager Create Account Quick Login Generate Password Save Password Offline App Passwords are stored on your system and no one has access to t

Abbas Ataei 41 Nov 09, 2022
Aza this is a text encryption software

Aza text encryptor General info Aza this is a text encryption software Help command: python aza.py --help Examples python aza.py --text "Sample text h

ToxidWorm 1 Sep 10, 2022
An advanced caesar cypher python module

CaesarPlus An advanced caesar cypher python module What is CaesarPlus CaesarPlus is a advanced caesar cypher python module that is more secure than ca

1 Mar 18, 2022
This project is a proof of concept to create a dashboard using Dash to display information about various cryptocurrencies.

This project is a WIP as a way to display useful information about cryptocurrencies. It's currently being actively developed as a proof of concept, and a way to visualize more useful data about vario

7 Apr 21, 2022
A really, really bad way to encrypt your text

deoxyencryptingnucleicacids A really, really bad way to encrypt your text. A general description of the scheme Encoding: The ascii plaintext is first

Sam Pinkerton 1 Nov 01, 2021
Um sistema de Criptografia RSA feito totalmente em Python

Um sistema de Criptografia RSA feito totalmente em Python

Luis Müdder 3 Nov 23, 2021
Simple python program to encrypt files with AES-256 encryption

simple-enc Simple python program to encrypt files with AES-256 encryption Setup First install "pyAesCrypt" using pip. Thats it! Optionally you can add

Hashm 2 Jan 19, 2022
Venax 116 Dec 21, 2022
smartpassgen - A cross-platform package of modules for generating, secure storage and recovery of complex, cryptographic, smart passwords on the fly.

smartpassgen - A cross-platform package of modules for generating, secure storage and recovery of complex, cryptographic, smart passwords on the fly.

4 Sep 04, 2021
Encrypt decrypt files - Programmed in Python | PySimpleGUI

Crypter Programmed in Python | PySimpleGUI If you like it give it a star How it works Crypter program use Fernet for encryption. Fernet guarantees tha

Adrijan 11 Jun 18, 2022