Passlib is a password hashing library for Python 2 & 3, which provides cross-platform implementations of over 30 password hashing algorithms, as well as a framework for managing existing password hashes. It's designed to be useful for a wide range of tasks, from verifying a hash found in /etc/shadow, to providing full-strength password hashing for multi-user application.
- See the documentation for details, installation instructions, and examples.
- See the changelog for a description of what's new in Passlib.
- Visit PyPI for the latest stable release. All releases are signed with the gpg key 4D8592DF4CE1ED31.
- Additional questions about usage or features? Feel free to post on our mailing list.
A quick example of using passlib to integrate into a new application:
>>> # import the context under an app-specific name (so it can easily be replaced later)
>>> from passlib.apps import custom_app_context as pwd_context
>>> # encrypting a password...
>>> hash = pwd_context.hash("somepass")
>>> hash
'$6$rounds=36122$kzMjVFTjgSVuPoS.$zx2RoZ2TYRHoKn71Y60MFmyqNPxbNnTZdwYD8y2atgoRIp923WJSbcbQc6Af3osdW96MRfwb5Hk7FymOM6D7J1'
>>> # verifying a password...
>>> ok = pwd_context.verify("somepass", hash)
True
>>> ok = pwd_context.verify("letmein", hash)
FalseFor more details and an extended set of examples, see the full documentation; This example barely touches on the range of features available.
- Homepage - https://bitbucket.org/ecollins/passlib
- Documentation - https://passlib.readthedocs.io
- Mailing list - https://groups.google.com/group/passlib-users
- Downloads - https://pypi.python.org/pypi/passlib
- Source - https://bitbucket.org/ecollins/passlib/src
- Issues - https://bitbucket.org/ecollins/passlib/issues
- Roadmap - https://bitbucket.org/ecollins/passlib/wiki/Roadmap
Passlib's source repository uses Mercurial. When building Passlib from an hg clone, note that there are two main branches: default and stable.
defaultis the bleeding edge of the next major release. It may sometimes be of alpha quality.stableis the latest released version plus any pending bugfixes, and should be safe to use in production.