Argon2PasswordHasher
Secure password hashing using the Argon2 algorithm.
Attributes
| Attribute | Type | Description |
|---|---|---|
| algorithm | string = "argon2" | The unique identifier for the hashing algorithm used to prefix encoded password strings. |
| library | string = "argon2" | The name of the external Python library required to perform the argon2 hashing operations. |
| time_cost | integer = 2 | The number of iterations used by the Argon2 algorithm to increase the computation time required to hash a password. |
| memory_cost | integer = 102400 | The amount of memory in kibibytes that the Argon2 algorithm will utilize during the hashing process. |
| parallelism | integer = 8 | The number of parallel threads to be used by the Argon2 algorithm during password hashing. |
Methods
encode()
@classmethod
def encode(
password: string,
salt: string
) -> string
Generates a secure Argon2 hash string from a raw password and salt using the configured cost parameters.
Parameters
| Name | Type | Description |
|---|---|---|
| password | string | The plain-text password to be hashed. |
| salt | string | The unique salt value used to protect against rainbow table attacks. |
Returns
| Type | Description |
|---|---|
| string | The complete encoded hash string prefixed with the algorithm identifier. |
decode()
@classmethod
def decode(
encoded: string
) -> dict
Parses an encoded Argon2 hash string into its constituent components and configuration parameters.
Parameters
| Name | Type | Description |
|---|---|---|
| encoded | string | The full encoded hash string to be decomposed. |
Returns
| Type | Description |
|---|---|
| dict | A dictionary containing the algorithm, hash, salt, and specific Argon2 cost parameters like memory_cost and parallelism. |
verify()
@classmethod
def verify(
password: string,
encoded: string
) -> boolean
Validates a raw password against an existing encoded Argon2 hash.
Parameters
| Name | Type | Description |
|---|---|---|
| password | string | The plain-text password to verify. |
| encoded | string | The stored hash string to validate against. |
Returns
| Type | Description |
|---|---|
| boolean | True if the password matches the hash, False otherwise. |
safe_summary()
@classmethod
def safe_summary(
encoded: string
) -> dict
Provides a human-readable summary of the hashing parameters and masked versions of sensitive data.
Parameters
| Name | Type | Description |
|---|---|---|
| encoded | string | The encoded hash string to summarize. |
Returns
| Type | Description |
|---|---|
| dict | A dictionary of descriptive labels and values suitable for administrative display. |
must_update()
@classmethod
def must_update(
encoded: string
) -> boolean
Determines if an encoded hash should be re-hashed because the hasher's configuration or salt entropy requirements have changed.
Parameters
| Name | Type | Description |
|---|---|---|
| encoded | string | The encoded hash string to evaluate for updates. |
Returns
| Type | Description |
|---|---|
| boolean | True if the hash parameters differ from current settings or if the salt is insufficient. |
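The check that decode() and must_update() describe can be sketched with the standard library alone. This is an added example, not the hasher's own code: it assumes the encoded string has the layout `argon2$<variant>$v=<version>$m=<memory>,t=<time>,p=<parallelism>$<salt>$<hash>` with unpadded base64 fields, and `MIN_SALT_BYTES` and `_sample` are hypothetical names introduced here.

```python
import base64

# Current settings, taken from the attribute table on this page.
CURRENT = {"time_cost": 2, "memory_cost": 102400, "parallelism": 8}
MIN_SALT_BYTES = 16  # hypothetical threshold (assumption, not from the page)


def _b64decode_nopad(text):
    """Decode base64 whose '=' padding has been stripped."""
    return base64.b64decode(text + "=" * (-len(text) % 4))


def decode(encoded):
    """Split the assumed 'argon2$variant$v=..$m=..,t=..,p=..$salt$hash' layout."""
    algorithm, rest = encoded.split("$", 1)
    if algorithm != "argon2":
        raise ValueError("not an argon2 encoded string")
    fields = rest.split("$")
    if len(fields) != 5 or not fields[1].startswith("v="):
        raise ValueError("unexpected field layout")
    variety, version, costs, b64salt, b64hash = fields
    cost = dict(item.split("=", 1) for item in costs.split(","))
    return {
        "algorithm": algorithm,
        "variety": variety,
        "version": int(version[2:]),
        "memory_cost": int(cost["m"]),
        "time_cost": int(cost["t"]),
        "parallelism": int(cost["p"]),
        "salt": _b64decode_nopad(b64salt),
        "hash": b64hash,
    }


def must_update(encoded):
    """True when stored costs differ from CURRENT or the salt is too short."""
    decoded = decode(encoded)
    stale = any(decoded[name] != value for name, value in CURRENT.items())
    return stale or len(decoded["salt"]) < MIN_SALT_BYTES


def _sample(m, t, p, salt):
    """Build a constructed encoded string; the hash field is a dummy value."""
    s, h = (base64.b64encode(x).decode().rstrip("=") for x in (salt, bytes(32)))
    return f"argon2$argon2id$v=19$m={m},t={t},p={p}${s}${h}"
```

A True result is the signal to re-hash the password with the current settings the next time the user authenticates successfully, since the plain-text password is only available at that moment.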
harden_runtime()
@classmethod
def harden_runtime(
password: string,
encoded: string
)
Placeholder method for runtime hardening; Argon2 does not implement a simple hardening algorithm due to its complexity.
Parameters
| Name | Type | Description |
|---|---|---|
| password | string | The plain-text password. |
| encoded | string | The encoded hash string. |
params()
@classmethod
def params() -> argon2.Parameters
Constructs an Argon2 parameters object using the current class settings for time, memory, and parallelism.
Returns
| Type | Description |
|---|---|
| argon2.Parameters | An object containing the specific Argon2 configuration used for hashing operations. |