utility library to verify, hash, compare and more for passwords
Just run pip install password-library
List of supported algorithms
| Algorythm | Comment |
|---|---|
| sha1 | |
| sha224 | |
| sha256 | |
| sha384 | |
| sha512 | |
| sha3_224 | |
| sha3_256 | |
| sha3_384 | |
| sha3_512 | |
| shake_128 | |
| shake_256 | |
| blake2b | Not Tested |
| blake2s | Not Tested |
| md5 |
passwordlib offers an easy interface to create password-hashes
from passwordlib import util as pwutil
hashed = pwutil.hash_password("my_secret")
print(pwutil.compare_password("your_secret", hashed)) # False
print(pwutil.compare_password("my_secret", hashed)) # True
print(pwutil.extract_algorythm(hashed)) # sha256
print(pwutil.extract_iterations(hashed)) # 100_000
print(pwutil.extract_salt(hashed)) # b'...'
print(pwutil.extract_hashed(hashed)) # b'...'you can also configure the algorithms or number of iterations
from passwordlib import util as pwutil, config as pwconfig
# either globally
pwconfig.DEFAULT_ALGORITHM = "md5"
pwconfig.DEFAULT_ITERATIONS = 1_000_000
pwconfig.DEFAULT_SALT_LENGTH = 64
# or per instance
pwutil.hash_password(
password='password',
algorithm="md5", iterations=1_000_000, salt_length=64,
)it also offers the PasswordAttribute class to automatically hash attributes on objects
from passwordlib.attr import PasswordAttribute
class User:
name: str
password = PasswordAttribute()
user = User()
print(user.password) # None
user.password = "secret"
print(user.password) # b'\x06sha256\x00\x01\x86\xa0\x00 \x07\xcfg\x0ec\xa6D\xea\xae\x03S\xa1\xfcz\xaew\x02\x8b\xf1\xe5\xaf\x83n&\x87'\xcdRi!\xd9\xe7\x00@qV\xd3\x81\x113:*"\x05\xba\x12Xb\x04\xeb\x08Sn\x08Z\x9f\x89\xa50~\xa0\xb4\xbd.\xc6\x18"\xf9l\xeds\xbc\xc2B\xa7\xef\xa1\x8a\x7f3\xc1u\x17d\xce\xf2\x98+l\x86\xb7\x1c\xb4\xf0\x07t8\xc9'you can also check if a password is commonly used
from passwordlib.commonly_used import is_commonly_used
print(is_commonly_used("password")) # True
print(is_commonly_used("123456")) # True
print(is_commonly_used("matrix")) # True
print(is_commonly_used("password-library")) # False
print(is_commonly_used("TifnedjothUj")) # Falseand be able to validate a password against different criteria to ensure a password is safe.
from passwordlib.analyzer import Analyzer
# may not seem safe at first, but think:
# 9 digits,lowercase and symbols, not commonly used and no repeating characters
result = Analyzer("my_secret")
print(result.is_secure) # True
print(result.is_highly_secure) # False
print(result.score) # 5
print(result.contains_lowercase) # True
print(result.contains_uppercase) # False
print(result.contains_digits) # False
print(result.contains_symbols) # True
print(result.length) # 9
print(result.max_consecutive_character) # 1
print(result.is_commonly_used) # False
# you can do such a check here:
number_of_security_features = sum((
result.contains_lowercase,
result.contains_uppercase,
result.contains_digits,
result.contains_symbols,
result.length >= 8,
result.charset_length > (result.length // 2)
))
if number_of_security_features < 5 or result.is_commonly_used:
raise PasswordTooWeakError(result.password)
# here are more examples for you
r = Analyzer("password")
print(r.score, r.is_secure, r.is_highly_secure)
# 0 False False
r = Analyzer("123456")
print(r.score, r.is_secure, r.is_highly_secure)
# 0 False False
r = Analyzer("matrix")
print(r.score, r.is_secure, r.is_highly_secure)
# 0 False False
r = Analyzer("password-library")
print(r.score, r.is_secure, r.is_highly_secure)
# 7 True False
r = Analyzer("TifnedjothUj")
print(r.score, r.is_secure, r.is_highly_secure)
# 6 True False
r = Analyzer("passwoooooooooooooord")
print(r.score, r.is_secure, r.is_highly_secure)
# 1 False False- passwordlib
- passwordlib.util
- def hashing
- def comparing
- def dumping
- def loading
- passwordlib.attr
- class PasswordAttribute
- passwordlib.commonly_used
- def is_common_password
- passwordlib.Analyzer
- class Analyzer
- passwordlib.validator
- class PasswordValidator
- passwordlib.validator.rules
- passwordlib.util
- Documentation