• loading...

performs a secure hash on the input and it is used to prevent passwords from being passed in the clear to the database

By default, CRYPT uses 1000 iterations of the pbkdf2 algorithm combined with SHA512 to produce a 20-byte-long hash. Older versions of web2py used "md5" or HMAC+SHA512 depending on whether a key was was specified or not.

The CRYPT validator hashes its input, and this makes it somewhat special. If you need to validate a password field before it is hashed, you can use CRYPT in a list of validators, but must make sure it is the last of the list, so that it is called last. For example:

requires = CRYPT()

requires = [IS_STRONG(),CRYPT(key='sha512:thisisthekey')]

Attributes / Arguments

If a key is specified, CRYPT uses the HMAC algorithm. The key may contain a prefix that determines the algorithm to use with HMAC, for example SHA512:

requires = CRYPT(key='sha512:thisisthekey')

By default, CRYPT uses random salt, such that each result is different. To use a constant salt value, specify its value:

requires = CRYPT(salt=False)

The resulting hash takes the form alg$salt$hash, where alg is the hash algorithm used, salt is the salt string (which can be empty), and hash is the algorithm's output. Consequently, the hash is self-identifying, allowing, for example, the algorithm to be changed without invalidating previous hashes. The key, however, must remain the same.

requires = CRYPT(min_length=5)




Powered by

Hosted on
(affiliated link)