AuthEncoding

6.0 verified Mon Apr 27 auth: no python

Framework for handling LDAP-style password hashes in Python. Current version 6.0, compatible with Python >=3.9. Release cadence is irregular, driven by Zope project needs.

pip install authencoding

Common errors

error ValueError: unsupported hash scheme '{CRYPT}' ↓

cause The hash scheme requested or present in the stored password is not supported by the current installation.

fix

Install the optional dependency: pip install authencoding[crypt]

error ImportError: cannot import name 'check_password' from 'authencoding' ↓

cause Function renamed in v6 from `check_password` to `validate_password`.

fix

Replace check_password with validate_password in your import and calls.

error TypeError: encode_password() got an unexpected keyword argument 'lmhash' ↓

cause v6 removed lmhash and nthash parameters.

fix

Remove the lmhash/nthash arguments from the call. Only pass password and optional scheme.

Warnings

breaking v6 removed support for legacy LM/NT hash schemes, dropping the `lmhash` and `nthash` parameters from encoding functions. Code using `encode_password(pw, lmhash='...')` will fail. ↓

fix Update calls to only pass the password string; remove legacy hash arguments.

breaking In v6, `validate_password` (formerly `check_password`) now raises `ValueError` for unsupported or malformed hashes instead of returning `False`. Code assuming `False` return on error will break. ↓

fix Wrap calls in try/except ValueError or use the new `verify_password` (if available) that returns boolean.

deprecated The `authencoding.utils` module is deprecated. Direct imports like `from authencoding.utils import validate_password` will be removed in a future release. ↓

fix Import directly from `authencoding` instead.

gotcha Password encoding with the default scheme uses SHA256 with a prefix '{SHA256}'. If you need SHA1 (SSHA) or MD5, you must specify the scheme explicitly. Do not assume plain-text storage. ↓

fix Use `encode_password(pw, scheme='{SSHA}')` for SHA1 or `scheme='{SMD5}'` for MD5.

Imports

encode_password
wrong
```
from AuthEncoding import encode_password
```
correct
```
from authencoding import encode_password
```
Case-sensitive import path; lowercase module name after install.

validate_password

wrong

from authencoding import check_password

correct

from authencoding import validate_password

Function renamed in v6; use validate_password.

Quickstart

Encode and validate a password using the default SHA256 scheme.

from authencoding import encode_password, validate_password

password = "secret123"
# Encode with default scheme (SHA256)
encoded = encode_password(password)
try:
    is_valid = validate_password(password, encoded)
    print(f"Valid: {is_valid}")
except ValueError as e:
    print(f"Error: {e}")