Bitbucket is a code hosting site with unlimited public and private repositories. We're also free for small teams!

Close

Python scrypt bindings

This is a set of Python bindings for the scrypt key derivation function.

Scrypt is useful when encrypting password as it is possible to specify a minimum amount of time to use when encrypting and decrypting. If, for example, a password takes 0.05 seconds to verify, a user won't notice the slight delay when signing in, but doing a brute force search of several billion passwords will take a considerable amount of time. This is in contrast to more traditional hash functions such as MD5 or the SHA family which can be implemented extremely fast on cheap hardware.

Installation

$ hg clone http://bitbucket.org/mhallin/py-scrypt
$ cd py-scrypt
$ python setup.py build

Become superuser (or use virtualenv):
# python setup.py install

Run tests after install:
$ python setup.py test

If you want py-scrypt for your Python 3 environment, just run the above commands with your Python 3 interpreter. Py-scrypt supports both Python 2 and 3.

Usage

The bindings are very simple -- there is an encrypt and a decrypt method on the scrypt module:

>>> import scrypt
>>> data = scrypt.encrypt('a secret message', 'password', maxtime=0.1) # This will take at least 0.1 seconds
>>> data[:20]
'scrypt\x00\r\x00\x00\x00\x08\x00\x00\x00\x01RX9H'
>>> scrypt.decrypt(data, 'password', maxtime=0.1) # This will also take at least 0.1 seconds
'a secret message'
>>> scrypt.decrypt(data, 'password', maxtime=0.05) # scrypt won't be able to decrypt this data fast enough
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
scrypt.error: decrypting file would take too long
>>> scrypt.decrypt(data, 'wrong password', maxtime=0.1) # scrypt will throw an exception if the password is incorrect
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
scrypt.error: password is incorrect

From these, one can make a simple password verifier using the following functions:

def randstr(length):
    return ''.join(chr(random.randint(0,255)) for i in range(length))

def hash_password(password, maxtime=0.5, datalength=64):
    return scrypt.encrypt(randstr(datalength), password, maxtime=maxtime)

def verify_password(hashed_password, guessed_password, maxtime=0.5):
    try:
        scrypt.decrypt(hashed_password, guessed_password, maxtime)
        return True
    except scrypt.error:
        return False

Acknowledgements

Scrypt was created by Colin Percival and is licensed as 2-clause BSD. Since scrypt does not normally build as a shared library, I have included the source for the currently latest version of the library in this repository. When a new version arrives, I will update these sources.

Burstaholic on Bitbucket provided the necessary changes to make the library build on Windows.

[Kelvin Wong][] on Bitbucket provided changes to make the library available on Mac OS X 10.6 and earlier, as well as changes to make the library work more like the command-line version of scrypt by default.

License

This library is licensed under the same license as scrypt; 2-clause BSD.

Recent activity

Kelvin Wong

Commits by Kelvin Wong were pushed to kelvinwong_ca/py-scrypt

3edcc9c - Added test suite to setup.py. python setup.py test now runs the test suite. Removed old test file as it was unimportable. Old tests moved to ...
Kelvin Wong

Commits by Kelvin Wong were pushed to kelvinwong_ca/py-scrypt

f703e6c - PY_LONG_LONG per pyport.h and Py_ssize_t use per PEP 353. Interestingly this code optimizes to O2, just like original scrypt 1.1.6 if you remove the Py_ssize_t ...
Kelvin Wong

Commits by Kelvin Wong were pushed to kelvinwong_ca/py-scrypt

44986ac - Types to match expected types in PyArg_ParseTupleAndKeywords. Explicit casts in crypto_scrypt call. Using Py_ssize_t per PEP353. Using PY_LONG_LONG macro instead of long long type, see ...
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.