py-bcrypt
py-bcrypt is a Python wrapper of OpenBSD's Blowfish password hashing code, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazières.
This system hashes passwords using a version of Bruce Schneier's Blowfish block cipher with modifications designed to raise the cost of off-line password cracking and frustrate fast hardware implementation. The computation cost of the algorithm is parametised, so it can be increased as computers get faster. The intent is to make a compromise of a password database less likely to result in an attacker gaining knowledge of the plaintext passwords (e.g. using John the Ripper).
py-bcrypt requires Python 2.4. Older versions may work, but the bcrypt.gensalt() method won't - it requires the cryptographic random number generator os.urandom() introduced in 2.4.
py-bcrypt is licensed under a ISC/BSD licence. The underlying Blowfish and hashing code implementation is taken from OpenBSD's libc and is subject to a 4-term BSD license. See the LICENSE file for details.
The API is very simple:
import bcrypt
# Hash a password for the first time, with a randomly-generated salt
hashed = bcrypt.hashpw(password, bcrypt.gensalt())
# gensalt's log_rounds parameter determines the complexity.
# The work factor is 2**log_rounds, and the default is 12
hashed = bcrypt.hashpw(password, bcrypt.gensalt(10))
# Check that an unencrypted password matches one that has
# previously been hashed
if bcrypt.hashpw(password, hashed) == hashed:
print "It matches"
else:
print "It does not match"
News
Mon, 28 Mar 2011: Project moved to Google Code
py-bcrypt has moved to Google Code. Release tarballs are available from there and should download quite a bit faster. Revision control now uses Mercurial, which supports local branches and modifications much better than CVS. Bug tracking remains at bugzilla for now, but it might too move in the future.
Moving to Google Code makes it much easier to add additional developers to the project. If you have contributed in the past to py-bcrypt and are interested in becoming a developer, then please let me know.
Sat, 24 Jul 2010: py-bcrypt-0.2 released
An updated release py-bcrypt-0.2 is available. This release includes support for setuptools and also releases the GIL while it is performing slow cryptographic operations.
Wed, 25 Apr 2007: Binary release for Python 2.5
I have just compiled and built a binary release of py-bcrypt for Windows Python 2.5. It is available from the download section below.
Tue, 08 Aug 2006: Windows binary available
After wrestling with Microsoft's compilers and headers, I have been able to build and release Windows binaries of the bcrypt module. These are available below in the download section. Some minor changes were required to the module to build it, if you are interested you can see them in CVS.
Mon, 22 May 2006: py-bcrypt-0.1 released
The first release, py-bcrypt-0.1 is out.
Download
py-bcrypt is now hosted at Google Code. You can download tar releases or pull the current development source from there.