Python: cannot import scrypt from hashlib

Question

I need to use scrypt algorithm and since I´m already using hashlib, I figured... why not? I already checked this and it pointed out OpenSSL 1.1+ was necessary. Also, according to official doc:

hashlib.scrypt(password, *, salt, n, r, p, maxmem=0, dklen=64)

...

Availability: OpenSSL 1.1+.

New in version 3.6.

I made sure to have the latest version of openssl:

# openssl version
OpenSSL 1.1.1b  26 Feb 2019

I also tried to run python3.6 and python3 (3.4) and both say they cannot import scrypt:

# python3.6
Python 3.6.5 (default, Apr 10 2018, 17:08:37)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from hashlib import pbkdf2_hmac
>>> from hashlib import scrypt
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: cannot import name 'scrypt'

As you can see, other methods like pbkdf2_hmac work. What could be wrong?

Also, what is the * in hashlib.scrypt(password, *, salt, n, r, p, maxmem=0, dklen=64)?

Answer 1

My mac is running with OpenSSL 1.1.1 11 Sep 2018. I reproduced your import symptoms with python3.6, and found that scrypt imported just fine with python3.7. You might consider trying 3.7.

The * in the signature is a relatively new syntax which marks the end of positional arguments. So you can't invoke as scrypt('secret', 'mySalt'). You need to specify keyword args, e.g. scrypt('secret', salt='mySalt'). The intent is to make it harder to call incorrectly by using a mistaken arg order. This tends to be especially important for crypto APIs, where many of the args are opaque and hard to validate.