1.. index:: 2 single: PasswordHash interface 3 single: custom hash handler; requirements 4 5.. module:: passlib.ifc 6 :synopsis: abstract interfaces used by Passlib 7 8============================================= 9:mod:`passlib.ifc` -- Password Hash Interface 10============================================= 11 12.. _password-hash-api: 13 14PasswordHash API 15================ 16This module provides the :class:`!PasswordHash` abstract base class. 17This class defines the common methods and attributes present 18on all the hashes importable from the :mod:`passlib.hash` module. 19Additionally, the :class:`passlib.context.CryptContext` class is deliberately 20designed to parallel many of this interface's methods. 21 22.. rst-class:: float-center 23 24.. seealso:: 25 26 :ref:`hash-tutorial` -- Overview of this interface and how to use it. 27 28Base Abstract Class 29=================== 30.. class:: PasswordHash() 31 32 This class provides an abstract interface for an arbitrary password hasher. 33 34 Applications will generally not construct instances directly -- 35 most of the operations are performed via classmethods, allowing 36 instances of a given class to be an internal detail used to implement 37 the various operations. 38 39 While :class:`!PasswordHash` offers a number of methods and attributes, 40 most applications will only need the two primary methods: 41 42 * :meth:`PasswordHash.hash` - generate new salt, return hash of password. 43 * :meth:`PasswordHash.verify` - verify password against existing hash. 44 45 Two additional support methods are also provided: 46 47 * :meth:`PasswordHash.using` - create subclass with customized configuration. 48 * :meth:`PasswordHash.identify` - check if hash belongs to this algorithm. 49 50 Each hash algorithm also provides a number of :ref:`informational attributes <informational-attributes>`, 51 allowing programmatic inspection of its options and parameter limits. 52 53.. seealso:: 54 55 :ref:`hash-tutorial` -- Overview of this interface and how to use it. 56 57.. _primary-methods: 58 59Hashing & Verification Methods 60============================== 61Most applications will only need to use two methods: 62:meth:`PasswordHash.hash` to generate new hashes, and :meth:`PasswordHash.verify` 63to check passwords against existing hashes. 64These methods provide an easy interface for working with a password hash, 65and abstract away details such as salt generation, hash normalization, 66and hash comparison. 67 68.. classmethod:: PasswordHash.hash(secret, \*\*kwds) 69 70 Digest password using format-specific algorithm, 71 returning resulting hash string. 72 73 For most hashes supported by Passlib, the returned string will contain: 74 an algorithm identifier, a cost parameter, the salt string, 75 and finally the password digest itself. 76 77 :type secret: unicode or bytes 78 :arg secret: string containing the password to encode. 79 80 :param \*\*kwds: 81 82 All additional keywords are algorithm-specific, and will be listed 83 in that hash's documentation; though many of the more common keywords 84 are listed under :attr:`PasswordHash.setting_kwds` 85 and :attr:`PasswordHash.context_kwds`. 86 87 .. deprecated:: 1.7 88 89 Passing :attr:`PasswordHash.setting_kwds` such as ``rounds`` and ``salt_size`` 90 directly into the :meth:`hash` method is deprecated. Callers should instead 91 use ``handler.using(**settings).hash(secret)``. Support for the old method 92 is is tentatively scheduled for removal in Passlib 2.0. 93 94 Context keywords such as ``user`` should still be provided to :meth:`!hash`. 95 96 :returns: 97 Resulting password hash, encoded in an algorithm-specific format. 98 This will always be an instance of :class:`!str` 99 (i.e. :class:`unicode` under Python 3, ``ascii``-encoded :class:`bytes` under Python 2). 100 101 :raises ValueError: 102 103 * If a ``kwd``'s value is invalid (e.g. if a ``salt`` string 104 is too small, or a ``rounds`` value is out of range). 105 106 * If ``secret`` contains characters forbidden by the hash algorithm 107 (e.g. :class:`!des_crypt` forbids NULL characters). 108 109 :raises TypeError: 110 111 * if ``secret`` is not :class:`!unicode` or :class:`bytes`. 112 * if a ``kwd`` argument has an incorrect type. 113 * if an algorithm-specific required ``kwd`` is not provided. 114 115 .. versionchanged:: 1.6 116 Hashes now raise :exc:`TypeError` if a required keyword is missing, 117 rather than :exc:`ValueError` like in previous releases; in order 118 to conform with normal Python behavior. 119 120 .. versionchanged:: 1.6 121 Passlib is now much stricter about input validation: for example, 122 out-of-range ``rounds`` values now cause an error instead of being 123 clipped (though applications may set :ref:`relaxed=True <relaxed-keyword>` 124 to restore the old behavior). 125 126 .. versionchanged:: 1.7 127 128 This method was renamed from :meth:`encrypt`. 129 Deprecated support for passing settings directly into :meth:`!hash`. 130 131.. classmethod:: PasswordHash.encrypt(secret, \*\*kwds) 132 133 Legacy alias for :meth:`PasswordHash.hash`. 134 135 .. deprecated:: 1.7 136 137 This method was renamed to :meth:`!hash` in version 1.7. 138 This alias will be removed in version 2.0, and should only 139 be used for compatibility with Passlib 1.3 - 1.6. 140 141.. classmethod:: PasswordHash.verify(secret, hash, \*\*context_kwds) 142 143 Verify a secret using an existing hash. 144 145 This checks if a secret matches against the one stored 146 inside the specified hash. 147 148 :type secret: unicode or bytes 149 :param secret: 150 A string containing the password to check. 151 152 :type secret: unicode or bytes 153 :param hash: 154 A string containing the hash to check against, 155 such as returned by :meth:`PasswordHash.hash`. 156 157 Hashes may be specified as :class:`!unicode` or 158 ``ascii``-encoded :class:`!bytes`. 159 160 :param \*\*kwds: 161 Very few hashes will have additional keywords. 162 163 The ones that do typically require external contextual information 164 in order to calculate the digest. For these hashes, 165 the values must match the ones passed to the original 166 :meth:`PasswordHash.hash` call when the hash was generated, 167 or the password will not verify. 168 169 These additional keywords are algorithm-specific, and will be listed 170 in that hash's documentation; though the more common keywords 171 are listed under :attr:`PasswordHash.context_kwds`. 172 Examples of common keywords include ``user``. 173 174 :returns: 175 ``True`` if the secret matches, otherwise ``False``. 176 177 :raises TypeError: 178 * if either ``secret`` or ``hash`` is not a unicode or bytes instance. 179 * if the hash requires additional ``kwds`` which are not provided, 180 * if a ``kwd`` argument has the wrong type. 181 182 :raises ValueError: 183 * if ``hash`` does not match this algorithm's format. 184 * if the ``secret`` contains forbidden characters (see 185 :meth:`PasswordHash.hash`). 186 * if a configuration/salt string generated by :meth:`PasswordHash.genconfig` 187 is passed in as the value for ``hash`` (these strings look 188 similar to a full hash, but typically lack the digest portion 189 needed to verify a password). 190 191 .. versionchanged:: 1.6 192 This function now raises :exc:`ValueError` if ``None`` or a config string is provided 193 instead of a properly-formed hash; previous releases were inconsistent 194 in their handling of these two border cases. 195 196.. seealso:: 197 198 * :ref:`hash-verifying` tutorial for a usage example 199 200.. _crypt-methods: 201 202.. rst-class:: html-toggle 203 204Crypt Methods 205============= 206Taken together, the :meth:`PasswordHash.genconfig` and :meth:`PasswordHash.genhash` 207are two tightly-coupled methods that mimic the standard Unix 208"crypt" interface. The first method generates salt / configuration 209strings from a set of settings, and the second hashes the password 210using the provided configuration string. 211 212.. seealso:: 213 214 Most applications will find :meth:`PasswordHash.hash` much more useful, 215 as it combines the functionality of these two methods into one. 216 217.. classmethod:: PasswordHash.genconfig(\*\*setting_kwds) 218 219 .. deprecated:: 1.7 220 221 As of 1.7, this method is deprecated, and slated for complete removal in Passlib 2.0. 222 223 For all known real-world uses, ``.hash("", **settings)`` 224 should provide equivalent functionality. 225 226 This deprecation may be reversed if a use-case presents itself in the mean time. 227 228 Returns a configuration string encoding settings for hash generation. 229 230 This function takes in all the same :attr:`PasswordHash.setting_kwds` 231 as :meth:`PasswordHash.hash`, fills in suitable defaults, 232 and encodes the settings into a single "configuration" string, 233 suitable passing to :meth:`PasswordHash.genhash`. 234 235 :param \*\*kwds: 236 All additional keywords are algorithm-specific, and will be listed 237 in that hash's documentation; though many of the more common keywords 238 are listed under :attr:`PasswordHash.setting_kwds` 239 Examples of common keywords include ``salt`` and ``rounds``. 240 241 :returns: 242 A configuration string (as :class:`!str`). 243 244 :raises ValueError, TypeError: 245 This function raises exceptions for the same 246 reasons as :meth:`PasswordHash.hash`. 247 248 .. versionchanged:: 1.7 249 250 This should now always return a full hash string, even in cases 251 where previous releases would return a truncated "configuration only" string, 252 or ``None``. 253 254.. classmethod:: PasswordHash.genhash(secret, config, \*\*context_kwds) 255 256 Encrypt secret using specified configuration string. 257 258 .. deprecated:: 1.7 259 260 As of 1.7, this method is deprecated, and slated for complete removal in Passlib 2.0. 261 262 This deprecation may be reversed if a use-case presents itself in the mean time. 263 264 This takes in a password and a configuration string, 265 and returns a hash for that password. 266 267 :type secret: unicode or bytes 268 :arg secret: 269 string containing the password to be encrypted. 270 271 :type config: unicode or bytes 272 :arg config: 273 configuration string to use when hashing the secret. 274 this can either be an existing hash that was previously 275 returned by :meth:`PasswordHash.genhash`, or a configuration string 276 that was previously created by :meth:`PasswordHash.genconfig`. 277 278 .. versionchanged:: 1.7 279 280 ``None`` is no longer accepted for hashes which (prior to 1.7) 281 lacked a configuration string format. 282 283 :param \*\*kwds: 284 Very few hashes will have additional keywords. 285 286 The ones that do typically require external contextual information 287 in order to calculate the digest. For these hashes, 288 the values must match the ones passed to the original 289 :meth:`PasswordHash.hash` call when the hash was generated, 290 or the password will not verify. 291 292 These additional keywords are algorithm-specific, and will be listed 293 in that hash's documentation; though the more common keywords 294 are listed under ::attr:`PasswordHash.context_kwds`. 295 Examples of common keywords include ``user``. 296 297 :returns: 298 Encoded hash matching specified secret, config, and kwds. 299 This will always be a native :class:`!str` instance. 300 301 :raises ValueError, TypeError: 302 This function raises exceptions for the same 303 reasons as :meth:`PasswordHash.hash`. 304 305 .. warning:: 306 307 Traditionally, password verification using the "crypt" interface 308 was done by testing if ``hash == genhash(password, hash)``. 309 This test is only reliable for a handful of algorithms, 310 as various hash representation issues may cause false results. 311 Applications are strongly urged to use :meth:`~PasswordHash.verify` instead. 312 313.. _support-methods: 314 315Factory Creation 316================ 317One powerful method offered by the :class:`!PasswordHash` class :meth:`PasswordHash.using`. 318This method allows you to quickly create subclasses of a specific hash, 319providing it with preconfigured defaults specific to your application: 320 321.. classmethod:: PasswordHash.using(relaxed=False, \*\*settings) 322 323 This method takes in a set of algorithm-specific settings, 324 and returns a new handler object which uses the specified default settings instead. 325 326 :param \*\*settings: 327 328 All keywords are algorithm-specific, and will be listed 329 in that hash's documentation; though many of the more common keywords 330 are listed under :attr:`PasswordHash.setting_kwds`. 331 Examples of common keywords include ``rounds`` and ``salt_size``. 332 333 :returns: 334 A new object which adheres to :class:`!PasswordHash` api. 335 336 :raises ValueError: 337 338 * If a keywords's value is invalid (e.g. if a ``salt`` string 339 is too small, or a ``rounds`` value is out of range). 340 341 :raises TypeError: 342 343 * if a ``kwd`` argument has an incorrect type. 344 345 .. versionadded:: 1.7 346 347.. seealso:: :ref:`hash-configuring` tutorial for a usage example 348 349Hash Inspection Methods 350======================= 351There are currently two hash inspection methods, :meth:`PasswordHash.identify` 352and :meth:`PasswordHash.needs_update`. 353 354.. classmethod:: PasswordHash.identify(hash) 355 356 Quickly identify if a hash string belongs to this algorithm. 357 358 :type hash: unicode or bytes 359 :arg hash: 360 the candidate hash string to check 361 362 :returns: 363 * ``True`` if the input is a configuration string or hash string 364 identifiable as belonging to this scheme (even if it's malformed). 365 * ``False`` if the input does not belong to this scheme. 366 367 :raises TypeError: 368 if :samp:`{hash}` is not a unicode or bytes instance. 369 370 .. note:: 371 372 A small number of the hashes supported by Passlib lack a reliable 373 method of identification (e.g. :class:`~passlib.hash.lmhash` 374 and :class:`~passlib.hash.nthash` both consist of 32 hexadecimal characters, 375 with no distinguishing features). For such hashes, this method 376 may return false positives. 377 378 .. seealso:: 379 380 If you are considering using this method to select from multiple 381 algorithms (e.g. in order to verify a password), you will be better served 382 by the :ref:`CryptContext <context-reference>` class. 383 384.. automethod:: PasswordHash.needs_update 385 386.. 387 the undocumented and experimental support methods currently include 388 parsehash() and bitsize() 389 390 391 .. todo:: 392 393 document the :attr:`is_disabled` and DisabledHash interface 394 added in passlib 1.7. 395 396.. _informational-attributes: 397 398.. _general-attributes: 399 400General Informational Attributes 401================================ 402Each hash provides a handful of informational attributes, allowing 403programs to dynamically adapt to the requirements of different 404hash algorithms. The following attributes should be defined for all 405the hashes in passlib: 406 407.. attribute:: PasswordHash.name 408 409 Name uniquely identifying this hash. 410 411 For the hashes built into Passlib, this will always match 412 the location where it was imported from — :samp:`passlib.hash.{name}` — 413 though externally defined hashes may not adhere to this. 414 415 This should always be a :class:`!str` consisting of lowercase ``a-z``, 416 the digits ``0-9``, and the underscore character ``_``. 417 418.. attribute:: PasswordHash.setting_kwds 419 420 Tuple listing the keywords supported by :meth:`PasswordHash.using` control hash generation, 421 and which will be encoded into the resulting hash. 422 423 (These keywords will also be accepted by :meth:`PasswordHash.hash` and :meth:`PasswordHash.genconfig`, 424 though that behavior is deprecated as of Passlib 1.7; and will be removed in Passlib 2.0). 425 426 This list commonly includes keywords for controlling salt generation, 427 adjusting time-cost parameters, etc. Most of these settings are optional, 428 and suitable defaults will be chosen if they are omitted (e.g. salts 429 will be autogenerated). 430 431 While the documentation for each hash should have a complete list of 432 the specific settings the hash uses, the following keywords should have 433 roughly the same behavior for all the hashes that support them: 434 435 .. index:: 436 single: salt; PasswordHash keyword 437 438 ``salt`` 439 Specifies a fixed salt string to use, rather than randomly 440 generating one. 441 442 This option is supported by most of the hashes in Passlib, 443 though typically it isn't used, as random generation of a salt 444 is usually the desired behavior. 445 446 Hashes typically require this to be a :class:`!unicode` or 447 :class:`!bytes` instance, with additional constraints 448 appropriate to the algorithm. 449 450 .. index:: 451 single: salt_size; PasswordHash keyword 452 453 ``salt_size`` 454 455 Most algorithms which support the ``salt`` setting will 456 autogenerate a salt when none is provided. Most of those hashes 457 will also offer this option, which allows the caller to specify 458 the size of salt which should be generated. If omitted, 459 the hash's default salt size will be used. 460 461 .. seealso:: the :ref:`salt info <salt-attributes>` attributes (below) 462 463 .. index:: 464 single: rounds; PasswordHash keyword 465 466 ``rounds`` 467 If present, this means the hash can vary the number 468 of internal rounds used in some part of its algorithm, 469 allowing the calculation to take a variable amount of processor 470 time, for increased security. 471 472 While this is almost always a non-negative integer, 473 additional constraints may be present for each algorithm 474 (such as the cost varying on a linear or logarithmic scale). 475 476 This value is typically omitted, in which case a default 477 value will be used. The defaults for all the hashes in Passlib 478 are periodically retuned to strike a balance between 479 security and responsiveness. 480 481 .. seealso:: the :ref:`rounds info <rounds-attributes>` attributes (below) 482 483 .. index:: 484 single: ident; PasswordHash keyword 485 486 ``ident`` 487 If present, the class supports multiple formats for encoding 488 the same hash. The class's documentation will generally list 489 the allowed values, allowing alternate output formats to be selected. 490 491 Note that these values will typically correspond to different 492 revision of the hash algorithm itself, and they may not all 493 offer the same level of security. 494 495 ``truncate_error`` 496 497 This will be present if and only if the hash truncates passwords 498 larger than some limit (reported via it's :attr:`truncate_size` attribute). 499 By default, they will silently truncate passwords above their limit. 500 Setting ``truncate_error=True`` will cause :meth:`PasswordHash.hash` 501 to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. 502 503 .. index:: 504 single: relaxed; PasswordHash keyword 505 506 .. _relaxed-keyword: 507 508 ``relaxed`` 509 By default, passing an invalid value to :meth:`PasswordHash.using` 510 will result in a :exc:`ValueError`. However, if ``relaxed=True`` 511 then Passlib will attempt to correct the error and (if successful) 512 issue a :exc:`~passlib.exc.PasslibHashWarning` instead. 513 This warning may then be filtered if desired. 514 Correctable errors include (but are not limited to): ``rounds`` 515 and ``salt_size`` values that are too low or too high, ``salt`` 516 strings that are too large. 517 518 .. versionadded:: 1.6 519 520.. _context-keywords: 521 522.. attribute:: PasswordHash.context_kwds 523 524 Tuple listing the keywords supported by :meth:`PasswordHash.hash`, 525 :meth:`PasswordHash.verify`, and :meth:`PasswordHash.genhash`. 526 These keywords are different from the settings kwds in that the context keywords 527 affect the hash, but are not encoded within it, and thus must be provided each time 528 the hash is calculated. 529 530 This list commonly includes a user account, http realm identifier, 531 etc. Most of these keywords are required by the hashes which support them, 532 as they are frequently used in place of an embedded salt parameter. 533 534 *Most hash algorithms in Passlib will have no context keywords.* 535 536 While the documentation for each hash should have a complete list of 537 the specific context keywords the hash uses, 538 the following keywords should have roughly the same behavior 539 for all the hashes that support them: 540 541 .. index:: 542 single: user; PasswordHash keyword 543 544 ``user`` 545 546 If present, the class requires a username be specified whenever 547 performing a hash calculation (e.g. 548 :class:`~passlib.hash.postgres_md5` and 549 :class:`~passlib.hash.oracle10`). 550 551 .. index:: 552 single: encoding; PasswordHash keyword 553 554 ``encoding`` 555 556 Some hashes have poorly-defined or host-dependant unicode behavior, 557 and properly hashing a non-ASCII password requires providing 558 the correct encoding (:class:`~passlib.hash.lmhash` is perhaps the worst offender). 559 Hashes which provide this keyword will always expose 560 their default encoding programmatically via the 561 :attr:`PasswordHash.default_encoding` attribute. 562 563.. attribute:: truncate_size 564 565 A positive integer, indicating the hash will truncate any passwords larger than this many bytes. 566 If ``None`` (the more common case), indicates the hash will use 567 the entire password provided. 568 569 Hashes which specify this setting will also support a ``truncate_error`` 570 flag via their :meth:`PasswordHash.using` method, to configure 571 how truncation is handled. 572 573.. seealso:: :ref:`hash-configuring` tutorial for a usage example 574 575.. _salt-attributes: 576 577Salt Information Attributes 578=========================== 579For schemes which support a salt string, 580``"salt"`` should be listed in their :attr:`PasswordHash.setting_kwds`, 581and the following attributes should be defined: 582 583.. attribute:: PasswordHash.max_salt_size 584 585 The maximum number of bytes/characters allowed in the salt. 586 Should either be a positive integer, or ``None`` (indicating 587 the algorithm has no effective upper limit). 588 589.. attribute:: PasswordHash.min_salt_size 590 591 The minimum number of bytes/characters required for the salt. 592 Must be an integer between 0 and :attr:`PasswordHash.max_salt_size`. 593 594.. attribute:: PasswordHash.default_salt_size 595 596 The default salt size that will be used when generating a salt, 597 assuming ``salt_size`` is not set explicitly. This is typically 598 the same as :attr:`max_salt_size`, 599 or a sane default if ``max_salt_size=None``. 600 601.. attribute:: PasswordHash.salt_chars 602 603 A unicode string containing all the characters permitted 604 in a salt string. 605 606 For most :ref:`modular-crypt-format` hashes, 607 this is equal to :data:`passlib.utils.binary.HASH64_CHARS`. 608 For the rare hashes where the ``salt`` parameter must be specified 609 in bytes, this will be a placeholder :class:`!bytes` object containing 610 all 256 possible byte values. 611 612.. 613 not yet documentated, want to make sure this is how we want to do things: 614 615 .. attribute:: PasswordHash.default_salt_chars 616 617 sequence of characters used to generate new salts. 618 this is typically the same as :attr:`PasswordHash.salt_chars`, but some 619 hashes accept a larger-than-useful range, and this will 620 contain only the "common" values used for generation. 621 622.. _rounds-attributes: 623 624Rounds Information Attributes 625============================= 626For schemes which support a variable time-cost parameter, 627``"rounds"`` should be listed in their :attr:`PasswordHash.setting_kwds`, 628and the following attributes should be defined: 629 630.. attribute:: PasswordHash.max_rounds 631 632 The maximum number of rounds the scheme allows. 633 Specifying a value beyond this will result in a :exc:`ValueError`. 634 This will be either a positive integer, or ``None`` (indicating 635 the algorithm has no effective upper limit). 636 637.. attribute:: PasswordHash.min_rounds 638 639 The minimum number of rounds the scheme allows. 640 Specifying a value below this will result in a :exc:`ValueError`. 641 Will always be an integer between 0 and :attr:`PasswordHash.max_rounds`. 642 643.. attribute:: PasswordHash.default_rounds 644 645 The default number of rounds that will be used if none is explicitly 646 provided to :meth:`PasswordHash.hash`. 647 This will always be an integer between :attr:`PasswordHash.min_rounds` 648 and :attr:`PasswordHash.max_rounds`. 649 650.. attribute:: PasswordHash.rounds_cost 651 652 While the cost parameter ``rounds`` is an integer, how it corresponds 653 to the amount of time taken can vary between hashes. This attribute 654 indicates the scale used by the hash: 655 656 * ``"linear"`` - time taken scales linearly with rounds value 657 (e.g. :class:`~passlib.hash.sha512_crypt`) 658 * ``"log2"`` - time taken scales exponentially with rounds value 659 (e.g. :class:`~passlib.hash.bcrypt`) 660 661.. todo:: document the additional :meth:`PasswordHash.using` keywords 662 available for setting rounds limits. 663 664.. 665 todo: haven't decided if this is how I want the api look before 666 formally publishing it in the documentation: 667 668 .. _password-hash-backends: 669 670 Multiple Backends 671 ================= 672 .. note:: 673 674 For the most part, applications will not need this interface, 675 outside of perhaps calling the :meth:`PasswordHash.get_backend` 676 to determine which the active backend. 677 678 Some hashes provided by Passlib have multiple backends which they 679 select from at runtime, to provide the fastest implementation available. 680 Algorithms which offer multiple backends will expose the following 681 methods and attributes: 682 683 .. attribute:: PasswordHash.backends 684 685 Tuple listing names of potential backends (which may or may not be available). 686 If this attribute is not present, the hash does not support 687 multiple backends. 688 689 While the names of the backends are specific to the hash algorithm, 690 the following standard names may be present: 691 692 * ``"os_crypt"`` - backend which uses stdlib's :mod:`!crypt` module. 693 this backend will not be available if the underlying host OS 694 does not support the particular hash algorithm. 695 696 * ``"builtin"`` - backend using pure-python implementation built into 697 Passlib. All hashes will have this as their last backend, as a fallback. 698 699 .. method:: PasswordHash.get_backend() 700 701 This method should return the name of the currently active backend 702 that will be used by :meth:`PasswordHash.hash` and :meth:`PasswordHash.verify`. 703 704 :raises passlib.exc.MissingBackendError: 705 in the rare case that *no* backends can be loaded. 706 707 .. method:: PasswordHash.has_backend(backend) 708 709 This method can be used to test if a specific backend is available. 710 Returns ``True`` or ``False``. 711 712 .. method:: PasswordHash.set_backend(backend) 713 714 This method can be used to select a specific backend. 715 The ``backend`` argument must be one of the backends listed 716 in :attr:`PasswordHash.backends`, or the special value ``"default"``. 717 718 :raises passlib.exc.MissingBackendError: 719 if the specified backend is not available. 720