The PBKDF2 algorithm exposed by the hashlib module can be used to perform secure password hashing. While this algorithm cannot prevent brute-force attacks that try to recover the original password from the stored hash, it makes such attacks very expensive.
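    import hashlib
    import os

    # 16 random bytes from the OS CSPRNG; generate a new salt for every password
    salt = os.urandom(16)
    # Arguments: digest name, password bytes, salt bytes, number of rounds
    hash = hashlib.pbkdf2_hmac('sha256', b'password', salt, 100000)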
PBKDF2 can work with any digest algorithm; the above example uses SHA256, which is usually recommended. The random salt should be stored along with the hashed password; you will need it again in order to compare an entered password to the stored hash. It is essential that each password is hashed with a different salt. As to the number of rounds, it is recommended to set it as high as possible for your application.
If you want the result in hexadecimal, you can use the
    import binascii

    # hexlify() returns a bytes object containing the hex digits
    hexhash = binascii.hexlify(hash)
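The following is an added example, not part of the original text, showing how the salt and round count can be stored next to the hash and used again when an entered password is checked. The `scheme$rounds$salt$hash` record layout and the function names are assumptions made for this illustration; it also goes one step further than the text by flagging records hashed with fewer rounds than the current setting.

```python
import hashlib
import hmac
import os

SCHEME = 'pbkdf2_sha256'   # label made up for this example
ITERATIONS = 100000        # round count used in the example above


def hash_password(password, iterations=ITERATIONS):
    """Return 'scheme$rounds$salt_hex$hash_hex' with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, iterations)
    return '$'.join([SCHEME, str(iterations), salt.hex(), digest.hex()])


def _parse(record):
    """Split a stored record; raises ValueError if it is malformed."""
    scheme, rounds, salt_hex, digest_hex = record.split('$')
    if scheme != SCHEME or int(rounds) < 1:
        raise ValueError('unsupported record')
    return int(rounds), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def verify_password(password, record):
    """Re-derive the hash with the stored salt and rounds, then compare."""
    try:
        rounds, salt, expected = _parse(record)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, rounds)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True if the record is malformed or used fewer rounds than the current setting."""
    try:
        return _parse(record)[0] < iterations
    except ValueError:
        return True
```

After a successful `verify_password`, a record for which `needs_rehash` returns True can be replaced with a fresh `hash_password` result while the plaintext is still in memory.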