py-bcrypt /

Filename Size Date modified Message
714 B
8.1 KB
63 B
807 B
2.0 KB
54 B
2.2 KB

py-bcrypt is an implementation the OpenBSD Blowfish password hashing algorithm, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres:

This system hashes passwords using a version of Bruce Schneier's Blowfish block cipher with modifications designed to raise the cost of off-line password cracking. The computation cost of the algorithm is parametised, so it can be increased as computers get faster.

py-bcrypt requires Python 2.4. Older versions may work, but the bcrypt.gensalt() method won't - it requires the cryptographic random number generator os.urandom() introduced in 2.4.

To install, use the standard Python distutils incantation:

python build python install

Regression tests are in the test/ file. This is deliberately in a subdirectory so it does not mistakenly pick up the top-level bcrypt/ directory. *PLEASE* run the regress tests and ensure they pass before installing this module.

py-bcrypt is licensed under a ISC/BSD licence. The underlying Blowfish and password hashing code is taken from OpenBSD's libc. See the LICENSE file for details.

Please report bugs to Damien Miller <>. Please check the TODO file first, in case your problem is something I already know about (please send patches!)

A simple example that demonstrates most of the features:

import bcrypt

# Hash a password for the first time hashed = bcrypt.hashpw(password, bcrypt.gensalt())

# gensalt's log_rounds parameter determines the complexity # the work factor is 2**log_rounds, and the default is 12 hashed = bcrypt.hashpw(password, bcrypt.gensalt(10))

# Check that an unencrypted password matches one that has # previously been hashed. if bcrypt.checkpw(plaintext, hashed):

print "It matches"
print "It does not match"

# Generate a 256-bit cryptographic key key = bcrypt.kdf(password, salt, 100, 256/8)