Back to Explore

pyca/bcrypt

GitHub
2 watchersOpen source

Last release: 2025-09-25

bcrypt is a Python library for hashing passwords using the bcrypt algorithm. It’s useful when you need secure password hashing in Python applications.

Project status

  • Actively maintained: GitHub shows an upstream push on 2026-06-08, which is very recent relative to 2026-06-09, and prior versions continue to land with meaningful code changes.
  • Update cadence: The most recent tagged update is 5.0.0 on 2025-09-25 (after 4.3.0 on 2025-02-28), suggesting a roughly 6 to 9 month cadence recently, though release notes often have little written changelog detail.

AI summary generated 2026-06-09

AI-generated from public sources. May be inaccurate. Report

Recent updates

  • 5.0.0

    2025-09-25

    Release notes only announce version 5.0.0 and do not provide a written changelog. The code diff shows a maintenance-heavy release, with a pyo3 and Rust toolchain refresh, expanded Python 3.14 and free-threaded build coverage, and a user-visible change to bcrypt password handling.

    Features

  • 4.3.0

    2025-02-28

    The 4.3.0 release is mostly a maintenance and packaging refresh, and the published notes are effectively minimal. The code diff shows updated Rust and PyO3 dependencies, broader wheel and CI coverage, free-threaded Python 3.13 support, and stricter salt validation in the bcrypt extension.

    Features

  • 4.2.1

    2024-11-19

    Release 4.2.1 is mostly a maintenance and infrastructure update for the native bcrypt extension. The Rust and PyO3 dependency stack was refreshed, CI and publishing workflows were modernized, and build coverage shifted toward Python 3.13. The published release notes contain no substantive changelog entries, so the code diff is the real source of truth.

  • 4.2.0

    2024-07-22

    Release 4.2.0 is mostly a maintenance and packaging update, with the native extension migrated to PyO3 0.22.2 and the CI and release workflows refreshed. The published notes are effectively empty, so the meaningful changes come from the code diff, especially a tightened `kdf` argument type and updated build and publishing automation.

  • 4.1.3

    2024-05-04

    Release notes for 4.1.3 contain only version metadata, but the diff shows a major internal rewrite. The package now ships a Rust and PyO3 native backend, refreshed Cargo dependencies, typed Python stubs, and new CI and wheel-building automation.

  • 4.1.2

    2023-12-15

    Release 4.1.2 mainly updates packaging and wheel-building to support an additional ABI wheel (cp39), and bumps the crate version metadata to 4.1.2. The diff also includes several build-system changes (CI action versions, macOS build env var) and Rust dependency lockfile updates.

    Features

  • 4.1.1

    2023-11-28

    Version 4.1.1 updates the Rust-backed bcrypt extension to report its version via a new attribute name, and adjusts the Python package exports accordingly. The change set also modifies build configuration for pyo3 ABI3 support and updates the kdf type stub signature.

    Breaking

  • 4.1.0

    2023-11-27

    Release 4.1.0 has no publisher release notes content. The diff shows a substantial refactor where the public bcrypt Python API functions (gensalt, hashpw, checkpw, kdf) are now implemented directly in the Rust extension via PyO3, alongside major dependency and toolchain bumps.

    BreakingSecurity

  • 4.0.1

    2022-10-07

    No publisher release notes were provided for version 4.0.1. The code diff shows a small runtime behavior change around error handling for invalid bcrypt salts, plus build/distribution and CI workflow updates, along with Rust dependency lockfile bumps.

  • 4.0.0

    2022-08-24

    Release 4.0.0 was published on 2022-08-24, but the publisher did not provide any release notes. As a result, there is no documented information here about new features, breaking changes, bug fixes, security updates, performance improvements, or migration steps.

  • v1.1.1

    2015-03-14

    This release appears to be a small maintenance update with no substantive release notes beyond the version bump. The code changes update project metadata and CI configuration, and add a new runtime validation that rejects passwords containing NUL bytes.

  • v1.1.0

    2014-12-06

    v1.1.0 is mostly an internal refresh of bcrypt's native backend and packaging. The vendored crypt_blowfish implementation was upgraded from 1.2 to 1.3, which adds $2b$ prefix compatibility, and the Python wrapper was refactored to lazily load a precompiled CFFI module instead of compiling on import. CI and test tooling were also expanded to cover newer interpreters and linting.

    Features

  • v1.0.2

    2013-05-19

    Release v1.0.2 appears to be a minimal maintenance release. The release notes provide no substantive details beyond the version bump, while the code diff shows an internal change to the bcrypt C backend for 32-bit x86 builds.

  • v1.0.1

    2013-05-11

    v1.0.1 is a patch release with no written changelog beyond the version bump. The code shows internal packaging and build changes around bcrypt's CFFI backend, including deterministic module naming and a new build-time dependency on cffi.

  • v1.0.0

    2013-05-11

    No release notes content was provided for v1.0.0, so the specific code or API changes cannot be determined from the information available. As a result, potential breaking changes, bug fixes, security updates, and migration steps cannot be reliably extracted.