bcrypt

5.0.0 verified Tue May 12 auth: no python install: verified quickstart: verified

A Python library for modern password hashing, currently at version 5.0.0, with a release cadence of approximately every 6 months.

pip install bcrypt
error ModuleNotFoundError: No module named 'bcrypt'
cause The 'bcrypt' library is not installed in the Python environment being used, or the Python interpreter cannot find it.
fix
Install the library using pip: pip install bcrypt or python -m pip install bcrypt
error ValueError: Invalid salt
cause This error typically occurs during password verification (`bcrypt.checkpw()`) when the provided hash is malformed, corrupted, or not a valid bcrypt hash, often due to incorrect storage, retrieval, or encoding.
fix
Ensure that the stored hash is retrieved correctly without alteration and that both the plaintext password and the stored hash are consistently encoded (e.g., password.encode('utf-8')) before being passed to bcrypt.checkpw().
error TypeError: Unicode-objects must be encoded before hashing
cause The `bcrypt` library functions like `bcrypt.hashpw()` and `bcrypt.checkpw()` require byte strings (e.g., `b'password'`) as input for passwords and hashes, but a Unicode string (Python's default `str` type) was provided.
fix
Encode the password string to bytes before passing it to bcrypt functions: password_string.encode('utf-8')
error ValueError: Password too long
cause The bcrypt algorithm, as specified, only processes the first 72 bytes of a password. Since version 5.0.0 of the Python `bcrypt` library, providing a password longer than 72 bytes explicitly raises this `ValueError` instead of silently truncating it.
fix
Ensure that passwords do not exceed 72 bytes in length. If longer passwords are required, pre-hash them with another cryptographic hash function (e.g., SHA-256) and then pass the base64-encoded output of that hash to bcrypt.hashpw().
breaking Passing a password longer than 72 bytes to hashpw now raises a ValueError; previously, it was silently truncated.
fix Ensure passwords are 72 bytes or shorter before hashing.
deprecated Support for Python 3.7 has been dropped in version 4.3.0.
fix Upgrade to Python 3.8 or later.
gotcha bcrypt requires a C compiler and a Rust compiler (minimum supported Rust version is 1.56.0) for building from source.
fix Install the necessary compilers or use pre-built wheels.
python os / libc status wheel install import disk
3.10 alpine (musl) - - 0.00s 18.6M
3.10 slim (glibc) - - 0.00s 19M
3.11 alpine (musl) - - 0.00s 20.4M
3.11 slim (glibc) - - 0.00s 21M
3.12 alpine (musl) - - 0.00s 12.3M
3.12 slim (glibc) - - 0.00s 13M
3.13 alpine (musl) - - 0.00s 11.9M
3.13 slim (glibc) - - 0.00s 12M
3.9 alpine (musl) - - 0.00s 18.1M
3.9 slim (glibc) - - 0.00s 18M

A simple example demonstrating how to hash and check passwords using bcrypt.

import bcrypt

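# Hash a password (bcrypt functions take bytes, not str)
password = b"supersecret"
salt = bcrypt.gensalt()  # random salt; the cost factor is embedded in the result
hashed = bcrypt.hashpw(password, salt)  # named "hashed" to avoid shadowing the built-in hash()

# Check a password against the stored hash
if bcrypt.checkpw(password, hashed):
    print("Password matches")
else:
    print("Password does not match")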