diff --git a/lang/python/python-bcrypt/Makefile b/lang/python/python-bcrypt/Makefile
index b3855a4734..267f59f346 100644
--- a/lang/python/python-bcrypt/Makefile
+++ b/lang/python/python-bcrypt/Makefile
@@ -6,16 +6,17 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-bcrypt
-PKG_VERSION:=3.2.2
+PKG_VERSION:=4.0.1
 PKG_RELEASE:=1
 
 PYPI_NAME:=bcrypt
-PKG_HASH:=433c410c2177057705da2a9f2cd01dd157493b2a7ac14c8593a16b3dab6b6bfb
+PKG_HASH:=27d375903ac8261cfe4047f6709d16f7d18d39b1ec92aaf72af989552a650ebd
 
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
 
-PKG_BUILD_DEPENDS:=libffi/host python-cffi/host  # cffi>=1.1
+PKG_BUILD_DEPENDS:=python-setuptools-rust/host
 
 include ../pypi.mk
 include $(INCLUDE_DIR)/package.mk
@@ -27,11 +28,12 @@ define Package/python3-bcrypt
   SUBMENU:=Python
   TITLE:=Modern password hashing
   URL:=https://github.com/pyca/bcrypt/
-  DEPENDS:=+python3-light +python3-cffi
+  DEPENDS:=+python3-light $(RUST_ARCH_DEPENDS)
 endef
 
 define Package/python3-bcrypt/description
-  Good password hashing for your software and your servers.
+Acceptable password hashing for your software and your servers (but you
+should really use argon2id or scrypt)
 endef
 
 $(eval $(call Py3Package,python3-bcrypt))
diff --git a/lang/python/python-bcrypt/test.sh b/lang/python/python-bcrypt/test.sh
new file mode 100644
index 0000000000..9443614f42
--- /dev/null
+++ b/lang/python/python-bcrypt/test.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+[ "$1" = python3-bcrypt ] || exit 0
+
+python3 - << EOF
+import sys
+import bcrypt
+password = b"super secret password"
+hashed = bcrypt.hashpw(password, bcrypt.gensalt())
+sys.exit(0 if bcrypt.checkpw(password, hashed) else 1)
+EOF