{"id":20967,"library":"authencoding","title":"AuthEncoding","description":"Framework for handling LDAP-style password hashes in Python. Current version 6.0, compatible with Python >=3.9. Release cadence is irregular, driven by Zope project needs.","status":"active","version":"6.0","language":"python","source_language":"en","source_url":"https://github.com/zopefoundation/AuthEncoding","tags":["ldap","password-hashing","authentication","zope"],"install":[{"cmd":"pip install authencoding","lang":"bash","label":"Install via pip"}],"dependencies":[],"imports":[{"note":"Case-sensitive import path; lowercase module name after install.","wrong":"from AuthEncoding import encode_password","symbol":"encode_password","correct":"from authencoding import encode_password"},{"note":"Function renamed in v6; use validate_password.","wrong":"from authencoding import check_password","symbol":"validate_password","correct":"from authencoding import validate_password"}],"quickstart":{"code":"from authencoding import encode_password, validate_password\n\npassword = \"secret123\"\n# Encode with default scheme (SHA256)\nencoded = encode_password(password)\ntry:\n    is_valid = validate_password(password, encoded)\n    print(f\"Valid: {is_valid}\")\nexcept ValueError as e:\n    print(f\"Error: {e}\")","lang":"python","description":"Encode and validate a password using the default SHA256 scheme."},"warnings":[{"fix":"Update calls to only pass the password string; remove legacy hash arguments.","message":"v6 removed support for legacy LM/NT hash schemes, dropping the `lmhash` and `nthash` parameters from encoding functions. Code using `encode_password(pw, lmhash='...')` will fail.","severity":"breaking","affected_versions":"<=5.0 -> >=6.0"},{"fix":"Wrap calls in try/except ValueError or use the new `verify_password` (if available) that returns boolean.","message":"In v6, `validate_password` (formerly `check_password`) now raises `ValueError` for unsupported or malformed hashes instead of returning `False`. Code assuming `False` return on error will break.","severity":"breaking","affected_versions":"<=5.0 -> >=6.0"},{"fix":"Import directly from `authencoding` instead.","message":"The `authencoding.utils` module is deprecated. Direct imports like `from authencoding.utils import validate_password` will be removed in a future release.","severity":"deprecated","affected_versions":">=6.0"},{"fix":"Use `encode_password(pw, scheme='{SSHA}')` for SHA1 or `scheme='{SMD5}'` for MD5.","message":"Password encoding with the default scheme uses SHA256 with a prefix '{SHA256}'. If you need SHA1 (SSHA) or MD5, you must specify the scheme explicitly. Do not assume plain-text storage.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-04-27T00:00:00.000Z","next_check":"2026-07-26T00:00:00.000Z","problems":[{"fix":"Install the optional dependency: pip install authencoding[crypt]","cause":"The hash scheme requested or present in the stored password is not supported by the current installation.","error":"ValueError: unsupported hash scheme '{CRYPT}'"},{"fix":"Replace `check_password` with `validate_password` in your import and calls.","cause":"Function renamed in v6 from `check_password` to `validate_password`.","error":"ImportError: cannot import name 'check_password' from 'authencoding'"},{"fix":"Remove the lmhash/nthash arguments from the call. Only pass password and optional scheme.","cause":"v6 removed lmhash and nthash parameters.","error":"TypeError: encode_password() got an unexpected keyword argument 'lmhash'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}