Here is the code the compares a plain text password to the stored hashed password:
https://github.com/web2py/web2py/blob/4ed36cfb1fe960d5c818c53562d920d407e991ae/gluon/validators.py#L2919-L2922
The salt and the digest algorithm name and parameters are stored in a string combined with the hash. The above linked code extracts the salt, digest algorithm, and hash stored in the database. It then uses the salt and digest algorithm info to hash the plain text password in order to determine if it is the same as the stored hash.
To hash the password, it calls
simple_hash in
gluon.utils. You can review that code to figure out how the hashing is done.
As seen
here, the default digest algorithm used by
CRYPT (and ultimately passed to
simple_hash) is
pbkdf2(1000,20,sha512), so unless you have changed the default, that is what you should use.
You'll have to figure out how to replicate the hashing process in whatever language you are using, though the algorithms are standard, so hopefully that will be fairly straightforward.
Anthony