METADATA 8.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271
  1. Metadata-Version: 2.1
  2. Name: bcrypt
  3. Version: 3.2.2
  4. Summary: Modern password hashing for your software and your servers
  5. Home-page: https://github.com/pyca/bcrypt/
  6. Author: The Python Cryptographic Authority developers
  7. Author-email: cryptography-dev@python.org
  8. License: Apache License, Version 2.0
  9. Platform: UNKNOWN
  10. Classifier: Development Status :: 5 - Production/Stable
  11. Classifier: License :: OSI Approved :: Apache Software License
  12. Classifier: Programming Language :: Python :: Implementation :: CPython
  13. Classifier: Programming Language :: Python :: Implementation :: PyPy
  14. Classifier: Programming Language :: Python :: 3
  15. Classifier: Programming Language :: Python :: 3 :: Only
  16. Classifier: Programming Language :: Python :: 3.6
  17. Classifier: Programming Language :: Python :: 3.7
  18. Classifier: Programming Language :: Python :: 3.8
  19. Classifier: Programming Language :: Python :: 3.9
  20. Classifier: Programming Language :: Python :: 3.10
  21. Requires-Python: >=3.6
  22. Description-Content-Type: text/x-rst
  23. Requires-Dist: cffi (>=1.1)
  24. Provides-Extra: tests
  25. Requires-Dist: pytest (!=3.3.0,>=3.2.1) ; extra == 'tests'
  26. Provides-Extra: typecheck
  27. Requires-Dist: mypy ; extra == 'typecheck'
  28. bcrypt
  29. ======
  30. .. image:: https://img.shields.io/pypi/v/bcrypt.svg
  31. :target: https://pypi.org/project/bcrypt/
  32. :alt: Latest Version
  33. .. image:: https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=main
  34. :target: https://github.com/pyca/bcrypt/actions?query=workflow%3ACI+branch%3Amain
  35. Good password hashing for your software and your servers
  36. Installation
  37. ============
  38. To install bcrypt, simply:
  39. .. code:: bash
  40. $ pip install bcrypt
  41. Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you're not using pypy), and headers for the libffi libraries available on your system.
  42. For Debian and Ubuntu, the following command will ensure that the required dependencies are installed:
  43. .. code:: bash
  44. $ sudo apt-get install build-essential libffi-dev python-dev
  45. For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed:
  46. .. code:: bash
  47. $ sudo yum install gcc libffi-devel python-devel
  48. For Alpine, the following command will ensure that the required dependencies are installed:
  49. .. code:: bash
  50. $ apk add --update musl-dev gcc libffi-dev
  51. Alternatives
  52. ============
  53. While bcrypt remains a good choice for password storage depending on your specific use case you may also want to consider using scrypt (either via `standard library`_ or `cryptography`_) or argon2id via `argon2_cffi`_.
  54. Changelog
  55. =========
  56. 3.2.2
  57. -----
  58. * Fixed packaging of ``py.typed`` files in wheels so that ``mypy`` works.
  59. 3.2.1
  60. -----
  61. * Added support for compilation on z/OS
  62. * The next release of ``bcrypt`` with be 4.0 and it will require Rust at
  63. compile time, for users building from source. There will be no additional
  64. requirement for users who are installing from wheels. Users on most
  65. platforms will be able to obtain a wheel by making sure they have an up to
  66. date ``pip``. The minimum supported Rust version will be 1.56.0.
  67. * This will be the final release for which we ship ``manylinux2010`` wheels.
  68. Going forward the minimum supported manylinux ABI for our wheels will be
  69. ``manylinux2014``. The vast majority of users will continue to receive
  70. ``manylinux`` wheels provided they have an up to date ``pip``.
  71. 3.2.0
  72. -----
  73. * Added typehints for library functions.
  74. * Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5).
  75. * Shipped ``abi3`` Windows wheels (requires pip >= 20).
  76. 3.1.7
  77. -----
  78. * Set a ``setuptools`` lower bound for PEP517 wheel building.
  79. * We no longer distribute 32-bit ``manylinux1`` wheels. Continuing to produce
  80. them was a maintenance burden.
  81. 3.1.6
  82. -----
  83. * Added support for compilation on Haiku.
  84. 3.1.5
  85. -----
  86. * Added support for compilation on AIX.
  87. * Dropped Python 2.6 and 3.3 support.
  88. * Switched to using ``abi3`` wheels for Python 3. If you are not getting a
  89. wheel on a compatible platform please upgrade your ``pip`` version.
  90. 3.1.4
  91. -----
  92. * Fixed compilation with mingw and on illumos.
  93. 3.1.3
  94. -----
  95. * Fixed a compilation issue on Solaris.
  96. * Added a warning when using too few rounds with ``kdf``.
  97. 3.1.2
  98. -----
  99. * Fixed a compile issue affecting big endian platforms.
  100. * Fixed invalid escape sequence warnings on Python 3.6.
  101. * Fixed building in non-UTF8 environments on Python 2.
  102. 3.1.1
  103. -----
  104. * Resolved a ``UserWarning`` when used with ``cffi`` 1.8.3.
  105. 3.1.0
  106. -----
  107. * Added support for ``checkpw``, a convenience method for verifying a password.
  108. * Ensure that you get a ``$2y$`` hash when you input a ``$2y$`` salt.
  109. * Fixed a regression where ``$2a`` hashes were vulnerable to a wraparound bug.
  110. * Fixed compilation under Alpine Linux.
  111. 3.0.0
  112. -----
  113. * Switched the C backend to code obtained from the OpenBSD project rather than
  114. openwall.
  115. * Added support for ``bcrypt_pbkdf`` via the ``kdf`` function.
  116. 2.0.0
  117. -----
  118. * Added support for an adjustible prefix when calling ``gensalt``.
  119. * Switched to CFFI 1.0+
  120. Usage
  121. -----
  122. Password Hashing
  123. ~~~~~~~~~~~~~~~~
  124. Hashing and then later checking that a password matches the previous hashed
  125. password is very simple:
  126. .. code:: pycon
  127. >>> import bcrypt
  128. >>> password = b"super secret password"
  129. >>> # Hash a password for the first time, with a randomly-generated salt
  130. >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt())
  131. >>> # Check that an unhashed password matches one that has previously been
  132. >>> # hashed
  133. >>> if bcrypt.checkpw(password, hashed):
  134. ... print("It Matches!")
  135. ... else:
  136. ... print("It Does not Match :(")
  137. KDF
  138. ~~~
  139. As of 3.0.0 ``bcrypt`` now offers a ``kdf`` function which does ``bcrypt_pbkdf``.
  140. This KDF is used in OpenSSH's newer encrypted private key format.
  141. .. code:: pycon
  142. >>> import bcrypt
  143. >>> key = bcrypt.kdf(
  144. ... password=b'password',
  145. ... salt=b'salt',
  146. ... desired_key_bytes=32,
  147. ... rounds=100)
  148. Adjustable Work Factor
  149. ~~~~~~~~~~~~~~~~~~~~~~
  150. One of bcrypt's features is an adjustable logarithmic work factor. To adjust
  151. the work factor merely pass the desired number of rounds to
  152. ``bcrypt.gensalt(rounds=12)`` which defaults to 12):
  153. .. code:: pycon
  154. >>> import bcrypt
  155. >>> password = b"super secret password"
  156. >>> # Hash a password for the first time, with a certain number of rounds
  157. >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14))
  158. >>> # Check that a unhashed password matches one that has previously been
  159. >>> # hashed
  160. >>> if bcrypt.checkpw(password, hashed):
  161. ... print("It Matches!")
  162. ... else:
  163. ... print("It Does not Match :(")
  164. Adjustable Prefix
  165. ~~~~~~~~~~~~~~~~~
  166. Another one of bcrypt's features is an adjustable prefix to let you define what
  167. libraries you'll remain compatible with. To adjust this, pass either ``2a`` or
  168. ``2b`` (the default) to ``bcrypt.gensalt(prefix=b"2b")`` as a bytes object.
  169. As of 3.0.0 the ``$2y$`` prefix is still supported in ``hashpw`` but deprecated.
  170. Maximum Password Length
  171. ~~~~~~~~~~~~~~~~~~~~~~~
  172. The bcrypt algorithm only handles passwords up to 72 characters, any characters
  173. beyond that are ignored. To work around this, a common approach is to hash a
  174. password with a cryptographic hash (such as ``sha256``) and then base64
  175. encode it to prevent NULL byte problems before hashing the result with
  176. ``bcrypt``:
  177. .. code:: pycon
  178. >>> password = b"an incredibly long password" * 10
  179. >>> hashed = bcrypt.hashpw(
  180. ... base64.b64encode(hashlib.sha256(password).digest()),
  181. ... bcrypt.gensalt()
  182. ... )
  183. Compatibility
  184. -------------
  185. This library should be compatible with py-bcrypt and it will run on Python
  186. 3.6+, and PyPy 3.
  187. C Code
  188. ------
  189. This library uses code from OpenBSD.
  190. Security
  191. --------
  192. ``bcrypt`` follows the `same security policy as cryptography`_, if you
  193. identify a vulnerability, we ask you to contact us privately.
  194. .. _`same security policy as cryptography`: https://cryptography.io/en/latest/security.html
  195. .. _`standard library`: https://docs.python.org/3/library/hashlib.html#hashlib.scrypt
  196. .. _`argon2_cffi`: https://argon2-cffi.readthedocs.io
  197. .. _`cryptography`: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt