Masonite provides secure hashing for storing user passwords or other data. Bcrypt and Argon2 protocols can be used with Masonite (default is Bcrypt).


Hashing configuration is located at config/application.py file. In this file, you can configure which protocol to use.

    "default": "bcrypt",
    "bcrypt": {"rounds": 10},
    "argon2": {"memory": 1024, "threads": 2, "time": 2},

Hashing a string

You can use the Hash facade to easily hash a string (e.g. a password):

from masonite.facades import Hash

Hash.make("secret") #== $2b$10$3Nm9sWFYhi.GUJ...

Note that you can return a hash as bytes with:

from masonite.facades import Hash

Hash.make_bytes("secret") #== b"$2b$10$3Nm9sWFYhi.GUJ..."

Checking a string matches a Hash

To check that a plain-text string corresponds to a given hash you can do:

from masonite.facades import Hash

Hash.check("secret", "$2b$10$3Nm9sWFYhi.GUJ...") #== True

Verifying a Hash needs to be re-hashed

You can determine if the work factor used by the hashing protocol has changed since the string was hashed using needs_rehash:

from masonite.facades import Hash

Hash.needs_rehash("$2b$10$3Nm9sWFYhi.GUJ...") #== True


You can change hashing protocol configuration on the fly for all Hash methods:

from masonite.facades import Hash

Hash.make("secret", options={"rounds": 5})

You can also change protocol on the fly:

from masonite.facades import Hash

Hash.make("secret", driver="argon2", options={"memory": 512, "threads": 8, "time": 2})

Last updated