Flask-Scrypt
Flask-Scrypt is a Flask extension used to generate scrypt password hashes and random salts, for those looking for extra security compared to SHA-1 and MD5 hashing. Flask-Scrypt depends on py-scrypt, which should install automatically but can be installed manually using pip install scrypt.
Installation
Install the extension with one of the following commands:
$ pip install flask-scrypt
or alternatively, if you must:
$ easy_install flask-scrypt
Usage
>>> from flask_scrypt import generate_random_salt, generate_password_hash, check_password_hash
>>> salt = generate_random_salt()  # you can also provide the byte length to return: salt = generate_random_salt(32)
>>> password_hash = generate_password_hash('mypassword', salt)
Remember that you should store the generated salt and hash in your database with each user, to use with check_password_hash().
>>> check_password_hash('mypassword', password_hash, salt)  # returns True if the password matches the one passed to generate_password_hash()
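check_password_hash() also takes N, r, p and buflen, and a hash only verifies when they equal the values used to generate it. The following is an added example, not part of Flask-Scrypt: it stores the cost parameters next to each salt and hash so the costs can be raised later and old records upgraded at login. It uses the standard library's hashlib.scrypt as a stand-in for the extension (its output is not claimed to match Flask-Scrypt's), and make_record, verify, needs_rehash, login and POLICY are hypothetical names.

```python
import base64
import hashlib
import hmac
import os

# Cost policy for new hashes: the defaults documented on this page.
POLICY = {"N": 16384, "r": 8, "p": 1, "buflen": 64}


def _scrypt(password, salt, N, r, p, buflen):
    # hashlib.scrypt stands in for Flask-Scrypt here (assumption of this example).
    # maxmem is set above the roughly 128*N*r bytes scrypt needs.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=N, r=r, p=p,
                          maxmem=256 * N * r + 2**20, dklen=buflen)


def make_record(password, params=None):
    """Return a dict holding everything needed to verify the password later."""
    params = dict(params or POLICY)
    salt = os.urandom(64)  # 64 bytes, the documented generate_random_salt() default
    digest = _scrypt(password, salt, **params)
    return {"salt": base64.b64encode(salt).decode("ascii"),
            "hash": base64.b64encode(digest).decode("ascii"), **params}


def verify(password, record):
    """Recompute with the record's own parameters and compare in constant time."""
    salt = base64.b64decode(record["salt"])
    expected = base64.b64decode(record["hash"])
    actual = _scrypt(password, salt, record["N"], record["r"],
                     record["p"], record["buflen"])
    return hmac.compare_digest(actual, expected)


def needs_rehash(record):
    """True when any stored cost is below the current policy."""
    return any(record[k] < POLICY[k] for k in POLICY)


def login(password, record):
    """Return (ok, record); on success a weak record is replaced by a fresh one."""
    if not verify(password, record):
        return False, record
    if needs_rehash(record):
        record = make_record(password)  # caller persists the upgraded record
    return True, record
```

The upgrade happens inside login() because that is the only point at which the plaintext password is available to rehash.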
API
The Flask-Scrypt extension provides scrypt password hashing and random salt generation. Hashes and salts are base64 encoded.
flask_scrypt.generate_password_hash(password, salt, N=16384, r=8, p=1, buflen=64)
Generate a password hash given the password string and salt.
- Args:
  - password: Password string.
  - salt: Random base64 encoded string.
- Optional args:
  - N: the CPU cost, must be a power of 2 greater than 1, defaults to 1 << 14.
  - r: the memory cost, defaults to 8.
  - p: the parallelization parameter, defaults to 1.
The parameters r, p, and buflen must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32.
The recommended parameters for interactive logins as of 2009 are N=16384, r=8, p=1. Remember to use a good random salt.
- Returns:
  - base64 encoded scrypt hash.
flask_scrypt.generate_random_salt(byte_size=64)
Generate random salt to use with generate_password_hash().
- Optional args:
  - byte_size: The length of salt to return. default = 64.
- Returns:
  - str of base64 encoded random bytes.
flask_scrypt.check_password_hash(password, password_hash, salt, N=16384, r=8, p=1, buflen=64)
Given a password, hash and salt, this function verifies that the password matches the hash/salt.
- Args:
  - password: The password to perform check on.
- Returns:
  - bool
flask_scrypt.enbase64(byte_str)
Encode bytes/strings to base64.
- Args:
  - byte_str: The string or bytes to base64 encode.
- Returns:
  - byte_str encoded as base64.
flask_scrypt.debase64(byte_str)
Decode base64 encoded bytes/strings.
- Args:
  - byte_str: The string or bytes to base64 decode.
- Returns:
  - decoded string as type str for Python 2 and type bytes for Python 3.