Last Updated : 14 Jun, 2025
A strong password provides safety. Storing passwords in plain text is extremely insecure, so we strengthen them by hashing. Hashing passwords is a cheap and secure method that keeps the passwords safe from malicious activity. With a salt, password hashing generates a unique hash for every entry, even if the plaintext password is the same.
Why do we need to Hash a Password?
Hashing is used mainly to protect a password from hackers. If a website is hacked, cybercriminals don't get access to your password. Instead, they only get access to the "hash" created by the hashing method.
Hashing vs Encryption
Understanding the key differences helps ensure you choose the correct method, whether you need to store information securely or protect it during transmission.

| Aspect | Encryption | Hashing |
|---|---|---|
| Purpose | Protect data for future retrieval | Securely store data (e.g. passwords) |
| Reversibility | Reversible (can decrypt) | One-way (cannot "unhash") |
| Usage Example | Messaging apps, file protection | Password storage, data integrity checks |
| Key Requirement | Requires an encryption key for decryption | No key required; produces fixed output |
What is salt in hashing?
In cryptography, a salt is random data used as an additional input to a one-way function that hashes data, such as a password. Salts are used to keep passwords safe while they are being stored. Historically, only a cryptographic hash of the password was stored on a system, but over time, additional precautions were developed to prevent the identification of duplicate or common passwords. One such precaution is salting.
Common Hashing Libraries
Now let's explore how you can hash passwords in Python using different libraries:
1. Using bcrypt
bcrypt is one of the most popular and secure password-hashing algorithms today. It's designed to be slow (on purpose!) to resist brute-force attacks. It also automatically handles salting for you. To install bcrypt, use the following command:
pip install bcrypt
Example:
Python
import bcrypt
pw = b'GeekPassword'
s = bcrypt.gensalt()
h = bcrypt.hashpw(pw, s) # Hash password
print(s)
print(h)
Output
b'$2b$12$6sF57XJq9PlQX.eqOB3rFu'
b'$2b$12$6sF57XJq9PlQX.eqOB3rFudrIMuZyup7PBwrnKqCpqMx9ZKKpGJRC'
Explanation: Password pw is a byte string. The salt s = bcrypt.gensalt() ensures unique hashes and h = bcrypt.hashpw(pw, s) hashes the password with bcrypt, securely storing the hashed password instead of plaintext.
To check whether a user-entered password matches the stored hash:
Python
import bcrypt
pw = b'GeekPassword'
s = bcrypt.gensalt()
h = bcrypt.hashpw(pw, s) # Hash password
entered_pw = b'GeekPassword'
if bcrypt.checkpw(entered_pw, h):
    print("Password match!")
else:
    print("Incorrect password.")
Output
Password match!
Explanation: The entered password entered_pw is compared with the stored hash using bcrypt.checkpw(entered_pw, h). If they match, it prints "Password match!"; otherwise, it prints "Incorrect password." This verifies the password without exposing the original.
2. Using hashlib
hashlib is a built-in Python module offering hashing algorithms like MD5, SHA1, and SHA256. It doesn't handle salting automatically, so you must add your own. Since MD5 and SHA1 are insecure for password hashing, prefer SHA-256 or dedicated libraries like bcrypt or Argon2. No installation is required.
Python
import hashlib
pwd = 'GeekPassword'
s = '5gz'
# Combine password and salt
pwd_salt = pwd + s
hashed = hashlib.sha256(pwd_salt.encode())
print(hashed.hexdigest())
Output
76e68c49b4f3b633e8d5678c930ca3fcbc4aa077cc664a0374b5b86ed6412629
Explanation: The password pwd and the salt s are combined and then the combination is hashed using SHA-256 (hashlib.sha256). The hexdigest() method is used to output the hash as a hexadecimal string.
3. Using Argon2
Argon2 is a modern, secure password hashing algorithm and winner of the 2015 Password Hashing Competition. It's memory-hard and resists brute-force, side-channel, and precomputation attacks, making it the top choice for securing passwords in modern systems. To install Argon2, use the following command:
pip install argon2-cffi
Example:
Python
from argon2 import PasswordHasher
ph = PasswordHasher()
res = ph.hash("MySecurePassword")
print(res)
Output
$argon2id$v=19$m=65536,t=3,p=4$e7qsWV3d2+0NIOmsHN9TEA$zotuPe7WW8BG6bbt9qUVzWPFUNzsY0pqNFp2mm1XQYo
Explanation: ph.hash("MySecurePassword") hashes the password using the Argon2 algorithm. The result is a securely hashed password, including the algorithm parameters.
To check whether a user-entered password matches the stored hash:
Python
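from argon2 import PasswordHasher
from argon2.exceptions import VerifyMismatchError
ph = PasswordHasher()
res = ph.hash("MySecurePassword")
try:
    ph.verify(res, "MySecurePassword")
    print("Password match!")
except VerifyMismatchError:
    # Raised when the password does not match the stored hash
    print("Incorrect password.")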
Output
Password match!
Explanation: ph.verify(res, "MySecurePassword") compares the entered password with the stored hash. If they match, it prints "Password match!". If they don’t, it prints "Incorrect password."
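Both the bcrypt and the Argon2 output above carry the algorithm, its cost parameters and the salt inside the stored string, which is why no separate salt column is needed. The following added example (not code from the original article or from either library) parses the two strings printed in the Output sections and flags hashes created below a policy floor; the function names and the policy values are assumptions made for this example.

```python
import base64

def _b64_len(s: str) -> int:
    """Decoded length of the unpadded base64 used in Argon2 strings."""
    return len(base64.b64decode(s + "=" * (-len(s) % 4)))

def parse_hash(encoded: str) -> dict:
    """Split a bcrypt or Argon2 hash string into the fields it embeds."""
    parts = encoded.split("$")
    if len(parts) < 4 or parts[0] != "":
        raise ValueError("not a '$'-delimited hash string")
    scheme = parts[1]
    if scheme in ("2a", "2b", "2y"):
        # $2b$<cost>$<22-char salt><31-char digest>
        if len(parts) != 4 or len(parts[3]) != 53:
            raise ValueError("malformed bcrypt hash")
        return {"scheme": "bcrypt", "cost": int(parts[2]),
                "salt": parts[3][:22], "digest": parts[3][22:]}
    if scheme in ("argon2id", "argon2i", "argon2d"):
        # $argon2id$v=<ver>$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<digest>
        if len(parts) != 6:
            raise ValueError("malformed Argon2 hash")
        p = dict(kv.split("=", 1) for kv in parts[3].split(","))
        return {"scheme": scheme, "version": int(parts[2].split("=", 1)[1]),
                "memory_kib": int(p["m"]), "time_cost": int(p["t"]),
                "parallelism": int(p["p"]),
                "salt_bytes": _b64_len(parts[4]), "digest_bytes": _b64_len(parts[5])}
    raise ValueError(f"unsupported scheme: {scheme!r}")

# Assumed policy floors for this example; set them from your own benchmarks.
MIN_BCRYPT_COST = 12
MIN_ARGON2_MEMORY_KIB = 65536
MIN_ARGON2_TIME_COST = 3

def needs_rehash(encoded: str) -> bool:
    """True when a stored hash was made with parameters below the policy."""
    info = parse_hash(encoded)
    if info["scheme"] == "bcrypt":
        return info["cost"] < MIN_BCRYPT_COST
    return (info["scheme"] != "argon2id"
            or info["memory_kib"] < MIN_ARGON2_MEMORY_KIB
            or info["time_cost"] < MIN_ARGON2_TIME_COST)

# The two hash strings printed in the article's Output sections.
BCRYPT_SAMPLE = "$2b$12$6sF57XJq9PlQX.eqOB3rFudrIMuZyup7PBwrnKqCpqMx9ZKKpGJRC"
ARGON2_SAMPLE = ("$argon2id$v=19$m=65536,t=3,p=4$e7qsWV3d2+0NIOmsHN9TEA"
                 "$zotuPe7WW8BG6bbt9qUVzWPFUNzsY0pqNFp2mm1XQYo")

if __name__ == "__main__":
    for sample in (BCRYPT_SAMPLE, ARGON2_SAMPLE):
        print(parse_hash(sample), needs_rehash(sample))
```

A hash flagged this way can only be upgraded at the user's next successful login, when the plaintext is briefly available to hash again with the current parameters.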