GithubHelp home page GithubHelp logo

classicvalues / bcrypt Goto Github PK

View Code? Open in Web Editor NEW

This project forked from pyca/bcrypt

1.0 1.0 0.0 305 KB

Modern(-ish) password hashing for your software and your servers

License: Apache License 2.0

C 70.53% Python 28.70% Shell 0.76%

bcrypt's Introduction

bcrypt

Latest Version https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=main

Good password hashing for your software and your servers

Installation

To install bcrypt, simply:

$ pip install bcrypt

Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you're not using pypy), and headers for the libffi libraries available on your system.

For Debian and Ubuntu, the following command will ensure that the required dependencies are installed:

$ sudo apt-get install build-essential libffi-dev python-dev

For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed:

$ sudo yum install gcc libffi-devel python-devel

For Alpine, the following command will ensure that the required dependencies are installed:

$ apk add --update musl-dev gcc libffi-dev

Alternatives

While bcrypt remains a good choice for password storage depending on your specific use case you may also want to consider using scrypt (either via standard library or cryptography) or argon2id via argon2_cffi.

Changelog

UNRELEASED

  • Added support for compilation on z/OS

3.2.0

  • Added typehints for library functions.
  • Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5).
  • Shipped abi3 Windows wheels (requires pip >= 20).

3.1.7

  • Set a setuptools lower bound for PEP517 wheel building.
  • We no longer distribute 32-bit manylinux1 wheels. Continuing to produce them was a maintenance burden.

3.1.6

  • Added support for compilation on Haiku.

3.1.5

  • Added support for compilation on AIX.
  • Dropped Python 2.6 and 3.3 support.
  • Switched to using abi3 wheels for Python 3. If you are not getting a wheel on a compatible platform please upgrade your pip version.

3.1.4

  • Fixed compilation with mingw and on illumos.

3.1.3

  • Fixed a compilation issue on Solaris.
  • Added a warning when using too few rounds with kdf.

3.1.2

  • Fixed a compile issue affecting big endian platforms.
  • Fixed invalid escape sequence warnings on Python 3.6.
  • Fixed building in non-UTF8 environments on Python 2.

3.1.1

  • Resolved a UserWarning when used with cffi 1.8.3.

3.1.0

  • Added support for checkpw, a convenience method for verifying a password.
  • Ensure that you get a $2y$ hash when you input a $2y$ salt.
  • Fixed a regression where $2a hashes were vulnerable to a wraparound bug.
  • Fixed compilation under Alpine Linux.

3.0.0

  • Switched the C backend to code obtained from the OpenBSD project rather than openwall.
  • Added support for bcrypt_pbkdf via the kdf function.

2.0.0

  • Added support for an adjustible prefix when calling gensalt.
  • Switched to CFFI 1.0+

Usage

Password Hashing

Hashing and then later checking that a password matches the previous hashed password is very simple:

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a randomly-generated salt
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt())
>>> # Check that an unhashed password matches one that has previously been
>>> # hashed
>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

KDF

As of 3.0.0 bcrypt now offers a kdf function which does bcrypt_pbkdf. This KDF is used in OpenSSH's newer encrypted private key format.

>>> import bcrypt
>>> key = bcrypt.kdf(
...     password=b'password',
...     salt=b'salt',
...     desired_key_bytes=32,
...     rounds=100)

Adjustable Work Factor

One of bcrypt's features is an adjustable logarithmic work factor. To adjust the work factor merely pass the desired number of rounds to bcrypt.gensalt(rounds=12) which defaults to 12):

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a certain number of rounds
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14))
>>> # Check that a unhashed password matches one that has previously been
>>> #   hashed
>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

Adjustable Prefix

Another one of bcrypt's features is an adjustable prefix to let you define what libraries you'll remain compatible with. To adjust this, pass either 2a or 2b (the default) to bcrypt.gensalt(prefix=b"2b") as a bytes object.

As of 3.0.0 the $2y$ prefix is still supported in hashpw but deprecated.

Maximum Password Length

The bcrypt algorithm only handles passwords up to 72 characters, any characters beyond that are ignored. To work around this, a common approach is to hash a password with a cryptographic hash (such as sha256) and then base64 encode it to prevent NULL byte problems before hashing the result with bcrypt:

>>> password = b"an incredibly long password" * 10
>>> hashed = bcrypt.hashpw(
...     base64.b64encode(hashlib.sha256(password).digest()),
...     bcrypt.gensalt()
... )

Compatibility

This library should be compatible with py-bcrypt and it will run on Python 3.6+, and PyPy 3.

C Code

This library uses code from OpenBSD.

Security

bcrypt follows the same security policy as cryptography, if you identify a vulnerability, we ask you to contact us privately.

bcrypt's People

Contributors

alex avatar ayrx avatar bsoyka avatar chris-erickson avatar dependabot[bot] avatar dhduvall avatar dr-bean avatar dreid avatar dstufft avatar eduzen avatar elliejeong avatar fogapod avatar hugovk avatar hynek avatar jazzyb avatar jdufresne avatar k3it avatar lgommans avatar manthey avatar markround avatar odidev avatar reaperhulk avatar sbdchd avatar sblondon avatar sbrunel avatar timgraham avatar wakayser avatar webknjaz avatar

Stargazers

avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.