PBKDF2 for Python because bcrypt is overkill Unlike bcrypt this is easy to understand, secure enough given a sufficently random salt and implemented on top of the stdlib in about 20 lines of code. Also easy to understand and analyze. Tests included. Happy hashing.