-2

I am trying to encrypt a password using the werkzeug library. I don't know why I am getting pbkdf2:sha256:600000 for every password I try to encrypt.

Here's my code

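# Import the submodule explicitly rather than relying on "import werkzeug" loading it
import werkzeug.security
# from hashlib import pbkdf2_hmac

# Hash the password with PBKDF2-HMAC-SHA256 and an 8-character random salt
x = werkzeug.security.generate_password_hash(password="123456", method="pbkdf2:sha256", salt_length=8)
print(x)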

Here's the output I am getting:

pbkdf2:sha256:600000$hbZ2Diwi$228e3cae24487c6a59de2947dda1e86312a4cfe451d024c53d56514ea41d7953

I just want to return the string after pbkdf2:sha256:600000, but I don't want to slice the string.

1 Answer

0

Well, that took at least seconds to look up.

You can use this separate function that your function according to the official documentation:

... pbkdf2, the default. The parameters are hash_method and iterations, the default is pbkdf2:sha256:600000. See hashlib.pbkdf2_hmac().

Even the link is provided. You can return the base 64 instead of the hex by calling b64encode(dk).decode() instead of dk.hex(). It should return the same value (given the identical iteration count & salt value, of course).

Maarten Bodewes
  • I tried *hashlib.pbkdf2_hmac()* but I don't know what value to pass for the salt argument. – Parth Pawar Aug 20 '23 at 01:40
  • The salt value should be unique for each hash. You can use any cryptographic random byte array, say 16 bytes. You'd need to keep this value with the hash, or have a value that is kept otherwise but is unique. Without a salt the resulting hash (or partial encryption) is vulnerable against pre-computation attacks, rainbow tables and such. – Maarten Bodewes Aug 20 '23 at 02:32
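Added example, not part of the original question or answer: a standard-library sketch of the approach discussed above, using `hashlib.pbkdf2_hmac()` with a fresh random salt that is stored next to the digest so the password can be verified later. The function names are hypothetical, and the handling of the `method$salt$digest` layout (UTF-8 text salt, hex digest) is an assumption based on the output shown in the question, not werkzeug's own code.

```python
import hashlib
import hmac
import secrets
import string

# Assumption: the salt is a short text string, like "hbZ2Diwi" in the question.
SALT_CHARS = string.ascii_letters + string.digits

# The string from the question, reused here only to show how it splits into fields.
QUESTION_HASH = ("pbkdf2:sha256:600000$hbZ2Diwi$"
                 "228e3cae24487c6a59de2947dda1e86312a4cfe451d024c53d56514ea41d7953")

def parse_hash(stored):
    """Split 'pbkdf2:<hash>:<iterations>$<salt>$<hex digest>' into its fields."""
    method, salt, digest = stored.split("$", 2)
    kind, hash_name, iterations = method.split(":")
    if kind != "pbkdf2":
        raise ValueError(f"unsupported method: {kind}")
    return hash_name, int(iterations), salt, digest

def derive(password, salt, hash_name="sha256", iterations=600_000):
    """Hex PBKDF2 digest; password and salt are UTF-8 encoded before hashing."""
    dk = hashlib.pbkdf2_hmac(hash_name, password.encode(), salt.encode(), iterations)
    return dk.hex()

def make_hash(password, salt_length=16, hash_name="sha256", iterations=600_000):
    """Generate a fresh random salt per password and keep it with the digest."""
    salt = "".join(secrets.choice(SALT_CHARS) for _ in range(salt_length))
    digest = derive(password, salt, hash_name, iterations)
    return f"pbkdf2:{hash_name}:{iterations}${salt}${digest}"

def verify(stored, password):
    """Recompute with the stored salt and parameters; compare in constant time."""
    hash_name, iterations, salt, digest = parse_hash(stored)
    candidate = derive(password, salt, hash_name, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    print(parse_hash(QUESTION_HASH))   # method parameters, salt, digest
    stored = make_hash("123456")
    print(stored)
    print(verify(stored, "123456"), verify(stored, "1234567"))
```

Storing only the digest would discard the salt and iteration count, and without them the password cannot be checked again; that is why the full string is kept.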