The Passlib documentation has moved to

passlib.hash.bcrypt_sha256 - BCrypt+SHA256

New in version 1.6.2.

BCrypt was developed to replace md5_crypt for BSD systems. It uses a modified version of the Blowfish stream cipher. It does, however, truncate passwords to 72 bytes, and some other minor quirks (see BCrypt Password Truncation for details). This class works around that issue by first running the password through SHA2-256. This class can be used directly as follows:

>>> from passlib.hash import bcrypt_sha256

>>> # generate new salt, hash password
>>> h = bcrypt_sha256.hash("password")
>>> h

>>> # the same, but with an explicit number of rounds
>>> bcrypt.using(rounds=8).hash("password")

>>> # verify password
>>> bcrypt.verify("password", h)
>>> bcrypt.verify("wrong", h)


It is strongly recommended that you install bcrypt when using this hash. See passlib.hash.bcrypt - BCrypt for more details.


class passlib.hash.bcrypt_sha256

This class implements a composition of BCrypt+SHA256, and follows the PasswordHash API.

It supports a fixed-length salt, and a variable number of rounds.

The hash() and genconfig() methods accept all the same optional keywords as the base bcrypt hash.

New in version 1.6.2.

Changed in version 1.7: Now defaults to "2b" variant.


Bcrypt-SHA256 is compatible with the Modular Crypt Format, and uses $bcrypt-sha256$ as the identifying prefix for all it’s strings. An example hash (of password) is:


Bcrypt-SHA256 hashes have the format $bcrypt-sha256$variant,rounds$salt$checksum, where:

  • variant is the BCrypt variant in use (usually, as in this case, 2a).
  • rounds is a cost parameter, encoded as decimal integer, which determines the number of iterations used via iterations=2**rounds (rounds is 12 in the example).
  • salt is a 22 character salt string, using the characters in the regexp range [./A-Za-z0-9] (LrmaIX5x4TRtAwEfwJZa1. in the example).
  • checksum is a 31 character checksum, using the same characters as the salt (2ehnw6LvuIUTM0iz4iz9hTxv21B6KFO in the example).


The algorithm this hash uses is as follows:

  • first the password is encoded to UTF-8 if not already encoded.
  • then it’s run through SHA2-256 to generate a 32 byte digest.
  • this is encoded using base64, resulting in a 44-byte result (including the trailing padding =). For the example "password", the output from this stage would be "XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg=".
  • this base64 string is then passed on to the underlying bcrypt algorithm as the new password to be hashed. See passlib.hash.bcrypt - BCrypt for details on it’s operation.