v0.2.1

Bump version 0.2.0 → 0.2.1

Bug fixes and improvements

• Relax version constraints of argon2-cffi and bcrypt dependencies. Thanks @MrNaif2018 🎉
• Fix error message typo. Thanks @Tchez 🎉

v0.2.0

Bump version 0.1.0 → 0.2.0

Breaking change

The order of the arguments for the verify and verify_and_update methods has been reversed. The hash is now the second argument and the password is the first argument. This change was made to make the API more consistent with passlib.

Before

valid = password_hash.verify(hash, "herminetincture")
valid, updated_hash = password_hash.verify_and_update(hash, "herminetincture")

After

valid = password_hash.verify("herminetincture", hash)
valid, updated_hash = password_hash.verify_and_update("herminetincture", hash)

v0.1.0

First release of pwdlib 🎉

Modern password hashing for Python

---

Quickstart

pip install 'pwdlib[argon2]'

from pwdlib import PasswordHash

password_hash = PasswordHash.recommended()
hash = password_hash.hash("herminetincture")
password_hash.verify(hash, "herminetincture")  # True

Why pwdlib?

For years, the de-facto standard to hash passwords was passlib. Unfortunately, it has not been very active recently and its maintenance status is under question. Starting Python 3.13, passlib won't work anymore.

That's why I decided to start pwdlib, a password hash helper for the modern Python era. However, it's not designed to be a complete replacement for passlib, which supports numerous hashing algorithms and features.

✅ Goals

• Provide an easy-to-use wrapper to hash and verify passwords
• Support modern and secure algorithms like Argon2 or Bcrypt

❌ Non-goals

• Support legacy hashing algorithms like MD5
• Implement algorithms directly — we should only rely on existing and battle-tested implementations