I think pbkdf2_hmac is ok to hash passwords. You don't need to install third-party dependencies.
import hashlib
import secrets
SALT = secrets.token_bytes(32) # store it somewhere
user_password_clear_text = "abc"
# hash the password
hashed_pw = hashlib.pbkdf2_hmac("sha256", user_password_clear_text.encode(), SALT, 4096)
# user comes back and enters his passowerd:
hashed_pw_verify = hashlib.pbkdf2_hmac("sha256", input("Please enter your password: ").encode(), SALT, 4096)
# now compare the hashed password from database with the hashed password from user inout
# don't use == as comparison because this allows timing attacks.
# use secrets.compare_digest
if secrets.compare_digest(hashed_pw, hashed_pw_verify):
print("password ok")
else:
print("password not ok")
Almost dead, but too lazy to die: https://sourceserver.info
All humans together. We don't need politicians!
All humans together. We don't need politicians!