Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Zozi96/hash-forge/llms.txt
Use this file to discover all available pages before exploring further.
HashManager is the central orchestrator for all hashing operations in Hash Forge. It holds an ordered collection of hasher instances, routes verification requests to the correct hasher automatically, and optionally enforces a PasswordHashPolicy. Import it directly from the top-level package:
Constructor
preferred_hasher and is used for all new hashes. Hashers are stored in insertion order so that verify and needs_rehash can route to the appropriate algorithm by inspecting the hash string prefix.
One or more hasher instances that conform to the
PHasher protocol. At least one must be provided.Factory Classmethods
from_algorithms
HashManager by name — Hash Forge instantiates the underlying hashers for you via the internal HasherFactory. The first algorithm in the list becomes the preferred hasher. Any **kwargs are forwarded to every hasher constructor.
One or more algorithm identifier strings, e.g.
"argon2", "pbkdf2_sha256". See AlgorithmType for all valid values.Additional keyword arguments forwarded to each hasher’s constructor — useful for quick one-algorithm managers. For per-algorithm control, use
from_config or the builder.Raises
UnsupportedAlgorithmError if any algorithm string is not recognised by the factory.from_config
HashManager from a HashForgeConfig object. Each algorithm’s constructor parameters are pulled from the config automatically via config.get_hasher_config(algorithm).
A
HashForgeConfig instance loaded from environment variables, a JSON file, or a dict.Algorithm identifiers to instantiate. Ordering determines the preferred hasher.
from_policy
HashManager whose algorithm set, constructor options, and enforcement rules are all driven by a PasswordHashPolicy. The policy is attached to the manager instance and is consulted during hash, verify, and needs_rehash calls.
A
PasswordHashPolicy instance. The policy’s preferred_algorithm becomes the manager’s preferred hasher; remaining algorithms are registered for verification and migration.quick_hash (static method)
HashManager instance is created.
The plaintext string to hash.
Algorithm to use. Defaults to
"pbkdf2_sha256".Additional arguments forwarded to the hasher constructor (e.g.
iterations=300000).builder (static method)
HashManagerBuilder instance for fluent, chainable configuration.
Instance Methods
hash
string using the preferred_hasher. If a PasswordHashPolicy is attached, validate_for_hashing is called first and will raise ValueError for unsafe algorithm choices (e.g. bare digest algorithms or deprecated ones).
The plaintext string to hash.
str — the hashed string produced by the preferred hasher.
verify
The plaintext string to verify.
The previously produced hash to compare against.
bool — True if the string matches the hash, False otherwise. Returns False (never raises) when no registered hasher can handle the hash format.
If a
PasswordHashPolicy is active and it disallows verification of the hash’s algorithm (e.g. allow_legacy_verify=False), verify returns False rather than raising an exception.needs_rehash
True when the hash should be replaced with a fresh one. A rehash is needed when:
- The algorithm’s parameters (e.g. iteration count) have changed since the hash was created.
- No registered hasher recognises the hash (treated as unknown/unsafe).
- A
PasswordHashPolicyis attached and itsneeds_updatecheck determines the hash is outdated (e.g. the hash was produced by a non-preferred algorithm).
The hash to evaluate.
bool
rotate
string against old_hash and, if successful, immediately re-hashes it with the preferred_hasher. This is the recommended way to migrate hashes to a new algorithm during a login flow.
The plaintext string to verify and re-hash.
The existing hash to verify against.
str | None — the new hash produced by the preferred hasher, or None if verification failed.
verify_and_update
The plaintext string to verify.
The stored hash to verify against.
tuple[bool, str | None]
| Position | Type | Meaning |
|---|---|---|
[0] | bool | True if verification passed |
[1] | str | None | New hash if a rehash was needed; None if not needed or verification failed |
inspect
The hash string to inspect.
dict[str, Any] | None — a dictionary containing at minimum:
| Key | Type | Description |
|---|---|---|
"algorithm" | str | Canonical algorithm name |
"category" | str | One of "password", "legacy", "digest", "deprecated" |
"deprecated" | bool | True if the algorithm is deprecated |
iterations, rounds, time_cost) are included when the hasher exposes a _parse_hash method. Returns None if no registered hasher recognises the hash.
list_algorithms
list[str]
Attributes
| Attribute | Type | Description |
|---|---|---|
preferred_hasher | PHasher | The hasher used for all new hashes (first registered). |
hashers | tuple[tuple[str, PHasher], ...] | Ordered tuple of (algorithm_name, hasher) pairs in insertion order. |
hasher_map | dict[str, PHasher] | Dictionary mapping algorithm names to hashers for O(1) lookup. |
policy | PasswordHashPolicy | None | The active policy, if one was set via from_policy. None by default. |
Async Methods
HashManager inherits AsyncHashMixin, which adds hash_async, verify_async, needs_rehash_async, hash_many_async, and verify_many_async for use in asyncio applications. See the AsyncHashMixin reference for details.