PyOpenSSL is a high-level wrapper around a subset of the OpenSSL library.

Bcrypt is a Python module which provides a password hashing method based on the Blowfish password hashing algorithm, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.

Python-oscrypto is a compilation-free encryption library which integrates with the encryption library that is part of the operating system. It supports TLS (SSL) sockets, key generation, encryption, decryption, signing, verification and KDFs using the OS crypto libraries.

argon2-cffi-bindings provides low-level CFFI bindings to the official implementation of the Argon2 password hashing algorithm.

PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library. These libraries have a stated goal of improving usability, security and speed.

M2Crypto is a complete Python wrapper for OpenSSL featuring RSA, DSA, DH, EC, HMACs, message digests, symmetric ciphers (including AES); TLS functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; M2Crypto can also be used to provide TLS for Twisted. Smartcards supported through the Engine interface.

This package provides a Python implementation of the SPAKE2 Password-Authenticated Key Exchange algorithm.

This is a low-level, pure Python DBus protocol client. It has an I/O-free core, and integration modules for different event loops.

This is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve Digital Signature Algorithm), implemented purely in Python. With this library, you can quickly create key pairs (signing key and verifying key), sign messages, and verify the signatures. The keys and signatures are very short, making them easy to handle and incorporate into other protocols.

This package provides a Python implementation of the HMAC Key Derivation function (HKDF) defined in RFC 5869.

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the command line.

PyOTP is a Python library for generating and verifying one-time passwords. It can be used to implement two-factor (2FA) or multi-factor (MFA) authentication methods in web applications and in other systems that require users to log in.

This package contains a pure-Python implementation of the AES block cipher algorithm and the common modes of operation (CBC, CFB, CTR, ECB and OFB).

This library allows you to write entries to a KeePass database. It supports KDBX3 and KDBX4.

This is a set of python bindings for keyutils, a key management suite that leverages the infrastructure provided by the Linux kernel for safely storing and retrieving sensitive information in your programs.

Certipy was made to simplify the certificate creation process. To that end, certipy exposes methods for creating and managing certificate authorities, certificates, signing and building trust bundles.

PyCryptodome is a self-contained Python package of low-level cryptographic primitives. It's not a wrapper to a separate C library like OpenSSL. To the largest possible extent, algorithms are implemented in pure Python. Only the pieces that are extremely critical to performance (e.g., block ciphers) are implemented as C extensions.

You are expected to have a solid understanding of cryptography and security engineering to successfully use these primitives. You must also be able to recognize that some are obsolete (e.g., TDES) or even insecure (RC4).

It provides many enhancements over the last release of PyCrypto (2.6.1):

• Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)

• Accelerated AES on Intel platforms via AES-NI

• First-class support for PyPy

• Elliptic curves cryptography (NIST P-256 curve only)

• Better and more compact API (nonce and iv attributes for ciphers, automatic generation of random nonces and IVs, simplified CTR cipher mode, and more)

• SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms

• Salsa20 and ChaCha20 stream ciphers

• scrypt and HKDF

• Deterministic (EC)DSA

• Password-protected PKCS#8 key containers

• Shamir’s Secret Sharing scheme

• Random numbers get sourced directly from the OS (and not from a CSPRNG in userspace)

• Cleaner RSA and DSA key generation (largely based on FIPS 186-4)

• Major clean-ups and simplification of the code base

PyCryptodomex is the stand-alone version of PyCryptodome that no longer provides drop-in compatibility with PyCrypto.

The Python keyring lib provides a easy way to access the system keyring service from python. It can be used in any application that needs safe password storage.

This library handles the low-level details of NTLM authentication for use in authenticating with a service that uses NTLM. It will create and parse the 3 different message types in the order required and produce a base64 encoded value that can be attached to the HTTP header.

The goal of this library is to offer full NTLM support including signing and sealing of messages as well as supporting MIC for message integrity and the ability to customise and set limits on the messages sent. Please see Features and Backlog for a list of what is and is not currently supported.

Base58 and Base58Check implementation compatible with what is used by the Bitcoin network.

Passlib is a password hashing library for Python 2 & 3, which provides cross-platform implementations of over 30 password hashing algorithms, as well as a framework for managing existing password hashes. It's designed to be useful for a wide range of tasks, from verifying a hash found in /etc/shadow, to providing full-strength password hashing for multi-user application.

This Python package is a high-level wrapper for Kerberos (GSSAPI) operations. The goal is to avoid having to build a module that wraps the entire Kerberos.framework, and instead offer a limited set of functions that do what is needed for client/server Kerberos authentication based on <http://www.ietf.org/rfc/rfc4559.txt>.

This is a Python implementation of the zxcvbn library created at Dropbox. The original library, written for JavaScript, can be found here. This port includes features such as:

1. Accepts user data to be added to the dictionaries that are tested against (name, birthdate, etc.)

2. Gives a score to the password, from 0 (terrible) to 4 (great).

3. Provides feedback on the password and ways to improve it.

4. Returns time estimates on how long it would take to guess the password in different situations.

Argon2 is a secure password hashing algorithm. It is designed to have both a configurable runtime as well as memory consumption. This means that you can decide how long it takes to hash a password and how much memory is required.