Argon2 for Python
Argon2 won the Password Hashing Competition and argon2-cffi is the simplest way to use it in Python:
>>> from argon2 import PasswordHasher
>>> ph = PasswordHasher()
>>> hash = ph.hash("correct horse battery staple")
>>> hash # doctest: +SKIP
'$argon2id$v=19$m=65536,t=3,p=4$MIIRqgvgQbgj220jfp0MPA$YfwJSVjtjSU0zzV/P3S9nnQ/USre2wvJMjfCIjrTQbg'
>>> ph.verify(hash, "correct horse battery staple")
True
>>> ph.check_needs_rehash(hash)
False
>>> ph.verify(hash, "Tr0ub4dor&3")
Traceback (most recent call last):
...
argon2.exceptions.VerifyMismatchError: The password does not match the supplied hash
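The encoded string returned by ph.hash() carries the variant, version, cost parameters, salt and digest, which is why a stored hash can later be checked against a changed policy. The following is an added standard-library illustration, not argon2-cffi's own code (POLICY and the function names are assumptions made here); it parses the string shown above and flags hashes made with other settings, a job that ph.check_needs_rehash() does in real code:

```python
import base64
from typing import NamedTuple

# Hash string copied from the session above.
PAGE_HASH = ("$argon2id$v=19$m=65536,t=3,p=4$MIIRqgvgQbgj220jfp0MPA"
             "$YfwJSVjtjSU0zzV/P3S9nnQ/USre2wvJMjfCIjrTQbg")
# Assumed target policy, mirroring that string: variant, version, memory (KiB),
# time cost, parallelism, salt bytes, digest bytes.
POLICY = ("argon2id", 19, 65536, 3, 4, 16, 32)


class Argon2Hash(NamedTuple):
    variant: str
    version: int
    memory_kib: int
    time_cost: int
    parallelism: int
    salt: bytes
    digest: bytes


def _b64(field: str) -> bytes:
    # Salt and digest are standard base64 with the "=" padding stripped.
    return base64.b64decode(field + "=" * (-len(field) % 4), validate=True)


def parse_encoded(encoded: str) -> Argon2Hash:
    """Split an encoded Argon2 hash into fields; ValueError if malformed."""
    parts = encoded.split("$")
    if len(parts) not in (5, 6) or parts[0] or parts[1] not in (
            "argon2i", "argon2d", "argon2id"):
        raise ValueError("not an encoded Argon2 hash")
    version = 16  # encodings without a v= field are Argon2 version 1.0 (0x10)
    if len(parts) == 6:
        if not parts[2].startswith("v="):
            raise ValueError("bad version field")
        version = int(parts[2][2:])
    costs = dict(kv.split("=", 1) for kv in parts[-3].split(","))
    if set(costs) != {"m", "t", "p"}:
        raise ValueError("expected exactly the m, t and p cost parameters")
    return Argon2Hash(parts[1], version, int(costs["m"]), int(costs["t"]),
                      int(costs["p"]), _b64(parts[-2]), _b64(parts[-1]))


def needs_rehash(encoded: str, policy: tuple = POLICY) -> bool:
    """True when the stored hash was made with settings other than the policy."""
    h = parse_encoded(encoded)
    return (*h[:5], len(h.salt), len(h.digest)) != policy
```

A string that fails to parse raises ValueError here; with the library, the corresponding failure surfaces as the InvalidHashError described below.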
The InvalidHash exception is deprecated in favor of InvalidHashError.
No plans for removal currently exist and the names can (but shouldn't) be used interchangeably.
argon2.hash_password(), argon2.hash_password_raw(), and argon2.verify_password() that have been soft-deprecated since 2016 are now hard-deprecated.
They now raise DeprecationWarnings and will be removed in 2024.
Official support for Python 3.11 and 3.12. No code changes were necessary.
Added argon2.exceptions.InvalidHashError as a replacement for InvalidHash.
Added a salt parameter to argon2.PasswordHasher.hash() to allow for custom salts.
This is only useful for specialized use-cases -- leave it on None unless you know exactly what you are doing. (#153)
argon2-cffi is maintained by Hynek Schlawack.
The development is kindly supported by my employer Variomedia AG, argon2-cffi Tidelift subscribers, and my amazing GitHub Sponsors.
Available as part of the Tidelift Subscription.
The maintainers of argon2-cffi and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.