
Werkzeug password encryption


I am trying to encrypt a password using the werkzeug library. I don't know why I am getting pbkdf2:sha256:600000 for every password I try to encrypt.

Here's my code

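import werkzeug.security  # import the submodule explicitly instead of relying on a transitive import
# from hashlib import pbkdf2_hmac

# Returns "<method>$<salt>$<hex digest>"; the method prefix includes the iteration count
x = werkzeug.security.generate_password_hash(password="123456", method="pbkdf2:sha256", salt_length=8)
print(x)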

Here's the output I am getting:

pbkdf2:sha256:600000$hbZ2Diwi$228e3cae24487c6a59de2947dda1e86312a4cfe451d024c53d56514ea41d7953

I just want to return the string after pbkdf2:sha256:600000, but I don't want to slice the string.


Solution

  • Well, that took at least seconds to look up.

    You can use this separate function that your function uses, according to the official documentation:

    ... pbkdf2, the default. The parameters are hash_method and iterations, the default is pbkdf2:sha256:600000. See hashlib.pbkdf2_hmac().

    Even the link is provided. You can return the base 64 instead of the hex by calling b64encode(dk).decode() instead of dk.hex(). It should return the same value (given the identical iteration count & salt value, of course).
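
The approach in the answer above, as an added example that is not part of the original question or answer: it splits the `method$salt$digest` string on its `$` delimiters rather than by index, and recomputes the hex digest with `hashlib.pbkdf2_hmac()`. The helper names `split_hash`, `derive` and `verify` are hypothetical, `SAMPLE` is a constructed value, and the code assumes the password and salt are encoded as UTF-8 before hashing.

```python
import hashlib
import hmac


def split_hash(encoded):
    """Split 'pbkdf2:<hash>:<iterations>$<salt>$<hex digest>' into its fields."""
    method, salt, digest = encoded.split("$", 2)
    scheme, hash_name, iterations = method.split(":")
    if scheme != "pbkdf2":
        raise ValueError(f"unsupported scheme: {scheme}")
    return hash_name, int(iterations), salt, digest


def derive(password, salt, hash_name="sha256", iterations=600000):
    """Recompute the hex digest; password and salt are encoded as UTF-8 (assumption)."""
    dk = hashlib.pbkdf2_hmac(hash_name, password.encode(), salt.encode(), iterations)
    return dk.hex()


def verify(encoded, password):
    """Compare the stored digest with a fresh derivation in constant time."""
    hash_name, iterations, salt, digest = split_hash(encoded)
    candidate = derive(password, salt, hash_name, iterations)
    return hmac.compare_digest(candidate, digest)


# Output quoted in the question; it is only parsed here, not re-derived.
QUESTION_HASH = ("pbkdf2:sha256:600000$hbZ2Diwi$"
                 "228e3cae24487c6a59de2947dda1e86312a4cfe451d024c53d56514ea41d7953")

# Constructed sample: fixed salt and a low iteration count so the demo runs quickly.
SAMPLE_SALT = "constructedsalt"
SAMPLE = "pbkdf2:sha256:1000$" + SAMPLE_SALT + "$" + derive("123456", SAMPLE_SALT, iterations=1000)

if __name__ == "__main__":
    print(split_hash(QUESTION_HASH)[3])  # digest field only, no index slicing
    print(verify(SAMPLE, "123456"), verify(SAMPLE, "654321"))
```

Storing only the digest field drops the salt and iteration count, and without them the hash can no longer be verified, so keep the full string in the database and split it only where the digest alone is needed.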