Python
There are many Python libraries available that deal with hashing and security, but for managing passwords, one of the most popular is passlib. Passlib provides a simple interface on top of a number of different hashing backends.
This guide will cover bcrypt which is usually the best option available.
Installation
Passlib supports 4 different bcrypt backends and provides its own pure-python fallback implementation (which should probably not be used in production). Passlib will use the first one of the following:
- bcrypt
- py-bcrypt
- bcryptor
- stdlib's crypt.crypt() on OSs that support bcrypt
- passlib's fallback implementation (if enabled)
Install a backend and passlib using pip (or easy_install).
$ pip install bcrypt
$ pip install passlib
Usage
Passlib's hashing interface exposes two main methods
passlib.hash.bcrypt.encrypt(<string>[,salt=<salt>, rounds=12, ident='2a'])Create a new password hashpasslib.hash.bcrypt.verify(<string>, <hash>)Confirm a given password matches the hash
Hashing a Password
To hash a password, do the following:
from passlib.hash import bcrypt
hash = bcrypt.encrypt("my_password")
The encrypt method takes a number of optional named params, most importantly rounds, which is an integer between 1 and 31 (inclusive) which dictate how long it takes to hash a password. By default, the library will set this value to 12, but you can tune this up and down based on the hardware your application is running on.
You also have the option of setting a salt. NOT providing a salt will cause the library to generate a cryptographically secure random salt for you, which is a very good thing.
Verifying a Password
To verify a password, we do:
if (bcrypt.verify("my_password", hash)):
# Password matches
else:
# Password doesn't match