Hash Forge is a lightweight, security-focused Python library that gives you a single, consistent interface for hashing and verifying data across more than a dozen algorithms — from memory-hard password hashers like Argon2 and bcrypt to fast cryptographic digests like BLAKE3 and SHA-3. It was built for developers who need strong defaults without boilerplate: oneDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Zozi96/hash-forge/llms.txt
Use this file to discover all available pages before exploring further.
HashManager handles algorithm routing, fallback verification, rehash detection, and even on-login hash rotation. Whether you’re building a new application and want the gold-standard Argon2 setup out of the box, or migrating a legacy system still running PBKDF2 hashes, Hash Forge handles the complexity so you don’t have to.
Key Features
12+ Hashing Algorithms
First-class support for Argon2, bcrypt, bcrypt-SHA256, PBKDF2-SHA256, PBKDF2-SHA1, Scrypt, BLAKE2, BLAKE3, SHA-3 256, SHA-3 512, RIPEMD-160, and Whirlpool — all behind one unified API.
Async / Await Support
Non-blocking
hash_async(), verify_async(), and hash_many_async() methods run in a thread-pool executor, delivering 3–10× speedups for concurrent batch workloads in async frameworks.Builder Pattern
A fluent, chainable
HashManager.builder() API lets you compose a fully configured manager — algorithms, custom parameters, and preferred hasher — in a single readable expression.Policy-Based Hashing
PasswordHashPolicy ships ready-made profiles (recommended(), fips(), legacy_compat()) that encode security best practices. Pair with verify_and_update() for automatic policy enforcement on every login.Zero-Friction Migration
verify_and_update() and rotate() let you transparently upgrade stored hashes to a new algorithm at login time — no bulk re-encryption required, no downtime, no plaintext exposure.Type-Safe API
The
AlgorithmType literal union gives IDEs full autocomplete over every supported algorithm name. The package ships a py.typed marker so mypy and Pyright pick up all type information automatically.Supported Python Versions
Hash Forge officially supports and is tested against:| Version | Status |
|---|---|
| Python 3.11 | ✅ Supported |
| Python 3.12 | ✅ Supported |
| Python 3.13 | ✅ Supported |
| Python 3.14 | ✅ Supported |
License
Hash Forge is released under the MIT License, allowing use in both open-source and commercial projects without restriction.How It Works
At the centre of Hash Forge isHashManager — the single object your application talks to. When you call HashManager.from_algorithms("argon2", "pbkdf2_sha256"), the internal HasherFactory resolves each algorithm name to its concrete hasher class and registers them in an O(1) lookup map.
Hashing always delegates to the preferred hasher — the first algorithm you pass. Verification is automatic: HashManager inspects the hash prefix and routes the call to whichever registered hasher claims it via can_handle(). This means a manager configured with Argon2 as its preferred hasher can still verify legacy PBKDF2 hashes transparently, with no extra code.
Rehash detection (needs_rehash()) compares the parameters embedded in the stored hash against the current hasher’s configured minimums. If the stored hash used fewer PBKDF2 iterations or lower bcrypt rounds, needs_rehash() returns True so you can upgrade it on the next successful login.
Next Steps
Installation
Install Hash Forge via pip, explore optional extras for bcrypt, Argon2, BLAKE3, and pycryptodome, and verify your setup.
Quickstart
Hash your first password, use multi-algorithm fallback, and detect rehashing needs — all in under five minutes.
