nacl.hashlib

The nacl.hashlib module exposes directly usable implementations of raw constructs which libsodium exposes with simplified APIs, like the ones in nacl.hash and in nacl.pwhash.

The blake2b and scrypt() implementations are as API compatible as possible with the corresponding ones added to cpython standard library’s hashlib module in cpython’s version 3.6.

class nacl.hashlib.blake2b(data=b'', digest_size=BYTES, key=b'', salt=b'', person=b'')[source]

Returns an hash object which exposes an API mostly compatible to python3.6’s hashlib.blake2b (the only difference being missing support for tree hashing parameters in the constructor)

The methods update(), copy(), digest() and hexdigest() have the same semantics as described in hashlib documentation.

Each instance exposes the digest_size, block_size name properties as required by hashlib API.

MAX_DIGEST_SIZE

the maximum allowed value of the requested digest_size

MAX_KEY_SIZE

the maximum allowed size of the password parameter

PERSON_SIZE

the maximum size of the personalization

SALT_SIZE

the maximum size of the salt

nacl.hashlib.scrypt(password, salt='', n=2**20, r=8, p=1, maxmem=2**25, dklen=64)[source]

Derive a raw cryptographic key using the scrypt KDF.

Parameters:
  • password (bytes) – the input password

  • salt (bytes) – a crypographically-strong random salt

  • n (int) – CPU/Memory cost factor

  • r (int) – block size multiplier: the used block size will be 128 * r

  • p (int) – requested parallelism: the number of independently running scrypt constructs which will contribute to the final key generation

  • maxmem (int) – maximum memory the whole scrypt construct will be entitled to use

  • dklen (int) – length of the derived key

Returns:

a buffer dklen bytes long containing the derived key

Raises:

nacl.exceptions.UnavailableError – If called when using a minimal build of libsodium.

Implements the same signature as the hashlib.scrypt implemented in cpython version 3.6

The recommended values for n, r, p in 2012 were n = 2**14, r = 8, p = 1; as of 2016, libsodium suggests using n = 2**14, r = 8, p = 1 in a “interactive” setting and n = 2**20, r = 8, p = 1 in a “sensitive” setting.

The total memory usage will respectively be a little greater than 16MB in the “interactive” setting, and a little greater than 1GB in the “sensitive” setting.