Oven logo

Oven

argon2-cffi: Argon2 for Python

Argon2 won the Password Hashing Competition and argon2-cffi is the simplest way to use it in Python:

>>> from argon2 import PasswordHasher
>>> ph = PasswordHasher()
>>> hash = ph.hash("correct horse battery staple")
>>> hash  # doctest: +SKIP
'$argon2id$v=19$m=65536,t=3,p=4$MIIRqgvgQbgj220jfp0MPA$YfwJSVjtjSU0zzV/P3S9nnQ/USre2wvJMjfCIjrTQbg'
>>> ph.verify(hash, "correct horse battery staple")
True
>>> ph.check_needs_rehash(hash)
False
>>> ph.verify(hash, "Tr0ub4dor&3")
Traceback (most recent call last):
  ...
argon2.exceptions.VerifyMismatchError: The password does not match the supplied hash

Project Links

Release Information

Removed

  • Python 3.6 is not supported anymore.

Deprecated

  • The InvalidHash exception is deprecated in favor of InvalidHashError. No plans for removal currently exist and the names can (but shouldn't) be used interchangeably.

  • argon2.hash_password(), argon2.hash_password_raw(), and argon2.verify_password() that have been soft-deprecated since 2016 are now hard-deprecated. They now raise DeprecationWarnings and will be removed in 2024.

Added

  • Official support for Python 3.11 and 3.12. No code changes were necessary.

  • argon2.exceptions.InvalidHashError as a replacement for InvalidHash.

  • salt parameter to argon2.PasswordHasher.hash() to allow for custom salts. This is only useful for specialized use-cases -- leave it on None unless you know exactly what you are doing. #153


→ Full Changelog

Credits

argon2-cffi is maintained by Hynek Schlawack.

The development is kindly supported by my employer Variomedia AG, argon2-cffi Tidelift subscribers, and my amazing GitHub Sponsors.

argon2-cffi for Enterprise

Available as part of the Tidelift Subscription.

The maintainers of argon2-cffi and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.