Wachtwoord
==========

Wachtwoord is a ridiculously simple Python 3 specific password hashing library.
It was written as none of the existing password hashing libraries, most notably
fshp_, passlib_, cryha_ and Bcryptor_ supported Python 3.

Supported Hashing Schemes
-------------------------

Currently only one specific hashing scheme is supported: PBKDF2_.

**IMPORTANT** Versions up to and including 0.12 didn't implement PBKDF2
correctly. This version implements PBKDF2 directly from the specification as
detailed in RFC2898. The implementation is tested against publicized test
vectors (RFC6070)

Basic Usage
-----------

As Python 3 is very strict about the distinction between unicode
strings and byte strings, Wachtwoord was designed to provide a uniform interface
by requiring all input to be unicode strings and generating unicode strings as
output exclusively.

Wachtwoord supports all the hash functions from the hashlib module. The length
of the salt (default: 32) and the number of iterations (default: 10000) are
configurable.

Two Modes Of Operation
~~~~~~~~~~~~~~~~~~~~~~

Wachtwoord has two modes of operation. One where some minor initialization
(that can fail) is done separately from the hashing of a password and one where
both are done in one go. The former is more convenient when multiple passwords
need to be hashed one after another. The other is more convenient when hashing
is incidental.

Future hashing scheme extensions to Wachtwoord might make the initialization
part more expensive. For the PBKDF2_ scheme the difference is very small.

Separate initialization and hashing
+++++++++++++++++++++++++++++++++++

::

    >>> from wachtwoord.pbkdf2 import Engine
    >>> engine = Engine()
    >>> hash_encoded_password = engine.hash('secret_123')
    >>> print(hash_encoded_password)
    pbkdf2$sha512$10000$2qf1oL9GU0gq+Zf2+vWmuliL0WizwvyFUMWV3jG3o/M=$gzSkk0/WjTHACyaeDBe3czNdI+3iukVUm3f+vzNop2b/LwLQWf0r8WKv1TfzWaqYOnPH8vC3tDTBxdGDzEDYRw==
    >>>
    >>> is_correct_password = engine.verify('secret_123', hash_encoded_password)
    >>> print(is_correct_password)
    True
    >>>

The ``Engine`` object allows certain parameters to be set that influence all
the hashes that are subsequently generated. For instance, say we want to use the
``sha256`` hash function instead of the default ``sha512`` hash function::

    >>> from wachtwoord.pbkdf2 import Engine
    >>> engine = Engine(digestmod='sha256')
    >>>

Similarly if we want to change the salt size and number of iterations we would
call Engine as follows::

    >>> from wachtwoord.pbkdf2 import Engine
    >>> engine = Engine(digestmod='sha256', iterations=20000, salt_size=64)
    >>>

Initialization and hashing in one go
++++++++++++++++++++++++++++++++++++

::

    >>> from wachtwoord.pbkdf2 import hash_password, verify_password
    >>> hash_encoded_password = hash_password('secret_123')
    >>> print(hash_encoded_password)
    pbkdf2$sha512$10000$f6ULrQBJspk6JiwHiEDL8fpFLCf90mOAxAM1LCY4dO0=$xzCLvTdp7eQUuY5pfgFl33dx7/uGIMaeZ5Bm5hmLTMx43zi/OCiNgORRmkb5KfkjxRDkD7VNc/45DbHX1zDhcA==
    >>>
    >>> is_correct_password = verify_password('secret_123', hash_encoded_password)
    >>> print(is_correct_password)
    True
    >>>

The fact that the initialization and hashing happen in one go does not prevent
us from changing the default values. We could have called ``hash_password`` as
follows::

    >>> from wachtwoord.pbkdf2 import hash_password
    >>> hash_encoded_password = hash_password('secret_123', digestmod='sha256', iterations=20000, salt_size=64)

Origin of the name Wachtwoord
-----------------------------

Wachtwoord is Dutch for password.

.. _fshp: http://pypi.python.org/pypi/fshp/
.. _passlib: http://pypi.python.org/pypi/passlib/
.. _cryha: http://pypi.python.org/pypi/cryha/
.. _Bcryptor: http://pypi.python.org/pypi/Bcryptor/
.. _PBKDF2: http://en.wikipedia.org/wiki/PBKDF2
