pbkdf2(1000,20,sha512)$etc... in v2.22.5

69 views
Skip to first unread message

lucas

unread,
Aug 17, 2022, 10:01:32 PM8/17/22
to web2py-users
hello one and all,
in linux/bash script code, not web2py interface, how do i take a regular string and convert it into the password that is stored in the password in the auth_user table under web2py version 2.22.5?
thank you in advance, lucas

Jim S

unread,
Aug 18, 2022, 8:40:35 AM8/18/22
to web2py-users
Here is what I'm using:

password = str(CRYPT(key="pbkdf2(1000,20,sha512):whatever-your-hash-string-is")(unhashed)[0])

lucas

unread,
Aug 18, 2022, 8:44:19 AM8/18/22
to web2py-users
but how do you generate the hash string from the regular text string?

Jim Steil

unread,
Aug 18, 2022, 8:53:38 AM8/18/22
to web...@googlegroups.com
It should be the same as auth.settings.hmac_key, probably set in db.py

auth.settings.hmac_key = (
    "sha512:whatever-your-has-string-is"  # before define_tables()
)


--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/801jh-wneL0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/2b0bd3f4-5dbc-49b5-b40e-e50e616b9d1dn%40googlegroups.com.

lucas

unread,
Aug 18, 2022, 3:34:45 PM8/18/22
to web2py-users
ok, that sets up the web2py environment.  i'm asking how to reproduce or generate the hashed key from regular text within a separate shell script.  lucas

Jim S

unread,
Aug 18, 2022, 4:51:41 PM8/18/22
to web2py-users
I must be misunderstanding something, because that is what I thought I just showed.

hashed_password = str(CRYPT(key="pbkdf2(1000,20,sha512):whatever-your-hash-string-is")(plain_text_password)[0])

"whatever-your-hash-string-is needs" to be the same as what you're assigning to auth.settings.hmac_key in db.py

hashed_password should then match what is in auth_user.password

-Jim


lucas

unread,
Aug 19, 2022, 7:27:15 AM8/19/22
to web2py-users
ok, i am trying to understand.  i'm using web2py 2.22.5 under centos 8 in console only mode.  i searched all of my application files and there is no hint of auth.settings.hmac_key = "such and such".  when i access auth, session, request, etc., i can see an hmac_key key in auth.settings but it is None, AND i see a session changing value under session.auth with an equal value under response.  but again, that changes with each login.

i grep'd "hmac_key" under gluon and found "pbkdf2_hex" and "simple_hash" under gluon/packages/dal/pydal/validators.py, and i suspect i would access and use these functions based on previous posts asking similar questions, but i have no idea how to import them and then use them in a bash/python script file to reproduce the hash in a password field under web2py.

so i ask again: "in linux/bash script code, not web2py interface [or application], how do i take a regular string and convert it into the password that is stored in the password in the auth_user table under web2py version 2.22.5?"

lucas

Jim S

unread,
Aug 19, 2022, 8:40:07 AM8/19/22
to web2py-users
I think we'll need help from someone who knows more about this than I do.

-Jim
Reply all
Reply to author
Forward
0 new messages