← Back to all products

Password Hasher

$9

Secure password hashing with PBKDF2-SHA256, strength analysis, generation, and timing-safe verification.

📁 9 files
JSONMarkdownPython

📄 Product Preview

Try the interactive reader and demo tools below, or get the full product with all content unlocked.

📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample

📁 File Structure 9 files

password-hasher/ ├── LICENSE ├── README.md ├── examples/ │ └── config.example.json ├── free-sample.zip ├── guide/ │ ├── 01_password-hasher.md │ ├── 02_features.md │ └── 03_quick-start.md ├── index.html └── src/ └── main.py

📖 Documentation Preview README excerpt

Password Hasher

Secure password hashing with PBKDF2-SHA256, strength analysis, password generation, and timing-safe verification. Zero dependencies.

Part of the Auth Vault toolkit by [CodeVault](https://codevault.dev).

Features

  • PBKDF2-HMAC-SHA256 hashing with 600,000 iterations (OWASP 2024)
  • Password strength analyzer: entropy, complexity, pattern detection
  • Common password detection via built-in blocklist
  • Timing-safe comparison to prevent timing attacks
  • Hash format versioning for algorithm migration
  • Secure password generator with configurable complexity
  • CLI tool for hashing, verifying, and strength checking
  • Zero dependencies — Python stdlib only

Quick Start


# Hash a password
python3 src/main.py hash --password "MyS3cur3Pass!"

# Verify a password against a hash
python3 src/main.py verify --password "MyS3cur3Pass!" \
    --hash '$pbkdf2-sha256$600000$...'

# Check password strength
python3 src/main.py strength --password "test123"

# Generate a secure password
python3 src/main.py generate --length 20

Using as a Library


from main import PasswordHasher, StrengthAnalyzer

hasher = PasswordHasher(iterations=600000)

# Hash a password
hashed = hasher.hash("MyS3cur3Pass!")
print(f"Hash: {hashed}")

# Verify a password
is_valid = hasher.verify("MyS3cur3Pass!", hashed)
print(f"Valid: {is_valid}")

# Check strength
analyzer = StrengthAnalyzer()
result = analyzer.analyze("test123")
print(f"Score: {result.score}/100")
print(f"Entropy: {result.entropy_bits:.1f} bits")
print(f"Feedback: {result.feedback}")

Hash Format

Hashes use a self-describing format for future-proof migration:

... continues with setup instructions, usage examples, and more.

📄 Code Sample .py preview

src/main.py #!/usr/bin/env python3 """ Password Hasher — Bcrypt-Compatible Hashing & Strength Checker =============================================================== A password security toolkit implementing bcrypt-compatible hashing, Argon2-inspired key derivation using PBKDF2, password strength analysis, and common password checking. Why stdlib-only? Because bcrypt and argon2-cffi require C extensions that fail in Docker scratch images, serverless functions, and airgapped environments. PBKDF2-HMAC-SHA256 is in Python's hashlib and provides excellent security with the right parameters. Zero dependencies. Import or run as CLI. Part of the Auth Vault toolkit by DataNest. License: MIT """ from __future__ import annotations import base64 import hashlib import json import logging import os import re import secrets import string import time from dataclasses import dataclass, field from typing import Any # --------------------------------------------------------------------------- # Configuration # --------------------------------------------------------------------------- # PBKDF2 parameters — tuned for ~200ms on modern hardware. # Increase iterations as hardware improves. DEFAULT_ITERATIONS = 600_000 # OWASP 2024 recommendation for SHA-256 DEFAULT_SALT_LENGTH = 32 # 256-bit random salt DEFAULT_KEY_LENGTH = 32 # 256-bit derived key DEFAULT_ALGORITHM = "sha256" # Password strength thresholds MIN_PASSWORD_LENGTH = 8 RECOMMENDED_LENGTH = 12 MAX_PASSWORD_LENGTH = 128 # Prevent DoS via extremely long passwords # ... 475 more lines ...
Buy Now — $9 Back to Products