Using Built-In Libraries for Secure Password Hashing in Various Languages
Using established libraries for password hashing means you rely on well-tested implementations, which reduces the risk of the security flaws that custom solutions tend to introduce. Below is a list of popular programming languages alongside commonly used built-in and third-party libraries for password hashing, with links to their documentation:
1. Python
bcrypt
- Website & Documentation: bcrypt
- Usage Example:
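```python
import bcrypt


def hash_password_bcrypt(password: str) -> str:
    # gensalt() creates a random salt; the salt and cost factor are embedded in the output
    hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt())
    return hashed.decode()
```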
hashlib + scrypt (available in Python 3.6+)
- Website & Documentation: hashlib
- Usage Example:
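```python
import hashlib
import os


def hash_password_scrypt(password: str) -> bytes:
    salt = os.urandom(16)  # fresh random 16-byte salt per password
    digest = hashlib.scrypt(password.encode(), salt=salt, n=16384, r=8, p=1)
    # The result is bytes: the 16-byte salt followed by the derived key
    return salt + digest
```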
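The scrypt example above returns the salt and hash but does not show how a login is checked. The following added example (not from the original page) stores the cost parameters with the salt in one record, verifies a password with a constant-time comparison, and flags records made under different parameters; the `scrypt$n$r$p$salt$hash` record layout and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Current cost policy (same values as the scrypt example above; 64 is hashlib's default dklen).
N, R, P, DKLEN = 16384, 8, 1, 64

def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def hash_password(password: str, n: int = N, r: int = R, p: int = P) -> str:
    """Return a self-describing record: scrypt$n$r$p$salt$hash (assumed layout)."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=DKLEN)
    return f"scrypt${n}${r}${p}${_b64(salt)}${_b64(digest)}"

def _parse(record: str):
    """Split a stored record into (n, r, p, salt, digest); ValueError if malformed."""
    scheme, n, r, p, salt, digest = record.split("$")
    if scheme != "scrypt":
        raise ValueError("unknown scheme")
    return (int(n), int(r), int(p),
            base64.b64decode(salt, validate=True),
            base64.b64decode(digest, validate=True))

def verify_password(password: str, record: str) -> bool:
    try:
        n, r, p, salt, expected = _parse(record)
        # Recompute with the parameters stored in the record, not the current policy.
        actual = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                                dklen=len(expected))
    except ValueError:
        return False  # malformed record, or parameters scrypt rejects
    return hmac.compare_digest(actual, expected)  # constant-time comparison

def needs_rehash(record: str) -> bool:
    """True when the record does not match the current cost policy."""
    try:
        n, r, p, _, digest = _parse(record)
    except ValueError:
        return True
    return (n, r, p) != (N, R, P) or len(digest) != DKLEN
```

After a successful `verify_password`, a record for which `needs_rehash` returns true can be replaced with a fresh `hash_password` result while the plaintext is still in memory.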
Argon2 (via argon2-cffi)
- Website & Documentation: argon2-cffi
- Usage Example:
```python
from argon2 import PasswordHasher


def hash_password_argon2(password: str) -> str:
    ph = PasswordHasher()
    # The returned string encodes the parameters, salt and hash together
    hashed = ph.hash(password)
    return hashed
```
passlib
- Website & Documentation: passlib
- Usage Example:
```python
from passlib.context import CryptContext

# The first scheme in the list is the default used for new hashes
pwd_context = CryptContext(schemes=["pbkdf2_sha256", "bcrypt", "argon2"], deprecated="auto")


def hash_password_passlib(password: str) -> str:
    return pwd_context.hash(password)
```
2. Java
java.security (MessageDigest)
- Website & Documentation: MessageDigest
- Usage Example:
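```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class PasswordHasher {
    // A single salted SHA-256 pass has no work factor; it is fast to compute,
    // unlike bcrypt, scrypt or Argon2.
    public static String hashPassword(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] salt = new byte[16];
        SecureRandom random = new SecureRandom();
        random.nextBytes(salt);
        md.update(salt);
        // Fix the charset so the hash does not depend on the platform default
        byte[] hashedPassword = md.digest(password.getBytes(StandardCharsets.UTF_8));
        // Output: Base64 salt (24 characters) followed by the Base64 hash
        return Base64.getEncoder().encodeToString(salt)
                + Base64.getEncoder().encodeToString(hashedPassword);
    }
}
```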
Bcrypt (via third-party library)
- Website & Documentation: jBCrypt
- Usage Example:
```java
import org.mindrot.jbcrypt.BCrypt;

public class PasswordHasher {
    public static String hashPassword(String password) {
        // gensalt() generates the salt; it is stored inside the returned hash string
        return BCrypt.hashpw(password, BCrypt.gensalt());
    }
}
```
3. Node.js
crypto (built-in)
- Website & Documentation: crypto
- Usage Example:
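```javascript
const crypto = require('crypto');

function hashPassword(password) {
  const salt = crypto.randomBytes(16).toString('hex');
  // 10000 is the PBKDF2 iteration count (the work factor); 64 is the key length in bytes
  const hash = crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha512').toString('hex');
  // Store the salt next to the hash so the password can be verified later
  return `${salt}:${hash}`;
}
```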
bcryptjs
- Website & Documentation: bcryptjs
- Usage Example:
```javascript
const bcrypt = require('bcryptjs');

async function hashPassword(password) {
  const salt = await bcrypt.genSalt(10); // 10 = cost factor (log2 rounds)
  const hash = await bcrypt.hash(password, salt);
  return hash;
}
```
4. Ruby
bcrypt (via bcrypt-ruby gem)
- Website & Documentation: bcrypt-ruby
- Usage Example:
```ruby
require 'bcrypt'

def hash_password(password)
  # Generates a salt and returns a BCrypt::Password holding the full hash string
  BCrypt::Password.create(password)
end
```
5. PHP
password_hash (built-in)
- Website & Documentation: password_hash
- Usage Example:
```php
function hash_password($password) {
    // password_hash() generates the salt itself and embeds it in the result
    return password_hash($password, PASSWORD_BCRYPT);
}
```
Using these well-supported and tested libraries is recommended to ensure that your password hashing is secure. Always keep these libraries up to date to benefit from the latest security patches and enhancements.