Argon2 for Python
Argon2 won the Password Hashing Competition and argon2-cffi is the simplest way to use it in Python:
>>> from argon2 import PasswordHasher
>>> ph = PasswordHasher()
>>> hash = ph.hash("correct horse battery staple")
>>> hash # doctest: +SKIP
'$argon2id$v=19$m=65536,t=3,p=4$MIIRqgvgQbgj220jfp0MPA$YfwJSVjtjSU0zzV/P3S9nnQ/USre2wvJMjfCIjrTQbg'
>>> ph.verify(hash, "correct horse battery staple")
True
>>> ph.check_needs_rehash(hash)
False
>>> ph.verify(hash, "Tr0ub4dor&3")
Traceback (most recent call last):
...
argon2.exceptions.VerifyMismatchError: The password does not match the supplied hash
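The encoded string returned by ph.hash() carries its own parameters, which is what makes a rehash decision possible after a successful login. The following is an added example, not argon2-cffi's code: it parses that string with the standard library only and compares it to a policy. The names Params, parse_encoded, needs_rehash, POLICY and OLD are hypothetical, and the policy is assumed to equal the parameters visible in the hash above.

```python
import base64
from dataclasses import dataclass

# Encoded hash copied from the interpreter session above.
SAMPLE = ("$argon2id$v=19$m=65536,t=3,p=4$MIIRqgvgQbgj220jfp0MPA"
          "$YfwJSVjtjSU0zzV/P3S9nnQ/USre2wvJMjfCIjrTQbg")

@dataclass(frozen=True)
class Params:  # hypothetical helper type, not argon2-cffi's own class
    variant: str
    version: int
    memory_kib: int
    time_cost: int
    parallelism: int
    salt_len: int
    hash_len: int

def _unb64(field: str) -> bytes:
    # The encoded form drops base64 padding; restore it before decoding.
    return base64.b64decode(field + "=" * (-len(field) % 4), validate=True)

def parse_encoded(encoded: str) -> Params:
    """Split '$variant$v=N$m=..,t=..,p=..$salt$digest' into its parameters."""
    parts = encoded.split("$")
    if len(parts) != 6 or parts[0] != "":
        raise ValueError("expected five '$'-separated fields")
    _, variant, version, costs, salt, digest = parts
    if variant not in ("argon2id", "argon2i", "argon2d"):
        raise ValueError(f"unknown variant {variant!r}")
    if not version.startswith("v="):
        raise ValueError("missing version field")
    cost = dict(item.split("=", 1) for item in costs.split(","))
    if set(cost) != {"m", "t", "p"}:
        raise ValueError("cost field must carry exactly m, t and p")
    return Params(variant, int(version[2:]), int(cost["m"]), int(cost["t"]),
                  int(cost["p"]), len(_unb64(salt)), len(_unb64(digest)))

def needs_rehash(encoded: str, policy: Params) -> bool:
    """True when the stored hash was made with parameters other than policy."""
    return parse_encoded(encoded) != policy

# Policy assumed equal to the parameters visible in SAMPLE.
POLICY = Params("argon2id", 19, 65536, 3, 4, 16, 32)
# Constructed input: the same string with the time cost lowered, standing in
# for a hash stored under an older, weaker policy.
OLD = SAMPLE.replace("t=3", "t=2")
```

In an application, a True result after a successful verify is the point at which the plaintext is still available to hash again under the current policy.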
The InvalidHash exception is deprecated in favor of InvalidHashError. No plans for removal currently exist and the names can (but shouldn't) be used interchangeably.
argon2.hash_password(), argon2.hash_password_raw(), and argon2.verify_password() that have been soft-deprecated since 2016 are now hard-deprecated. They now raise DeprecationWarnings and will be removed in 2024.
Official support for Python 3.11 and 3.12. No code changes were necessary.
argon2.exceptions.InvalidHashError as a replacement for InvalidHash.
salt parameter to argon2.PasswordHasher.hash() to allow for custom salts. This is only useful for specialized use-cases -- leave it on None unless you know exactly what you are doing. #153
argon2-cffi is maintained by Hynek Schlawack.
The development is kindly supported by my employer Variomedia AG, argon2-cffi Tidelift subscribers, and my amazing GitHub Sponsors.
Available as part of the Tidelift Subscription.
The maintainers of argon2-cffi and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.