Docs for CRYPT

[ Python Tutorial ] [ Python Libraries ] [ web2py epydoc ]


<type 'type'> extends (<type 'object'>,)

Use as::

INPUT(_type='text', _name='name', requires=CRYPT())

encodes the value on validation with a digest.

If no arguments are provided CRYPT uses the MD5 algorithm.
If the key argument is provided the HMAC+MD5 algorithm is used.
If the digest_alg is specified this is used to replace the
MD5 with, for example, SHA512. The digest_alg can be
the name of a hashlib algorithm as a string or the algorithm itself.

min_length is the minimal password length (default 4) - IS_STRONG for serious security
error_message is the message if password is too short

Notice that an empty password is accepted but invalid. It will not allow login back.
Stores junk as hashed password.

Specify an algorithm or by default we will use sha512.

Typical available algorithms:
md5, sha1, sha224, sha256, sha384, sha512

If salt, it hashes a password with a salt.
If salt is True, this method will automatically generate one.
Either case it returns an encrypted password string in the following format:


Important: hashed password is returned as a LazyCrypt object and computed only if needed.
The LasyCrypt object also knows how to compare itself with an existing salted password

Supports standard algorithms

>>> for alg in ('md5','sha1','sha256','sha384','sha512'):
print str(CRYPT(digest_alg=alg,salt=True)('test')[0])

The syntax is always alg$salt$hash

Supports for pbkdf2

>>> alg = 'pbkdf2(1000,20,sha512)'
>>> print str(CRYPT(digest_alg=alg,salt=True)('test')[0])

An optional hmac_key can be specified and it is used as salt prefix

>>> a = str(CRYPT(digest_alg='md5',key='mykey',salt=True)('test')[0])
print a

Even if the algorithm changes the hash can still be validated

>>> CRYPT(digest_alg='sha1',key='mykey',salt=True)('test')[0] == a

If no salt is specified CRYPT can guess the algorithms from length:

a = str(CRYPT(digest_alg='sha1',salt=False)('test')[0])
>>> CRYPT(digest_alg='sha1',salt=False)('test')[0] == a
>>> CRYPT(digest_alg='sha1',salt=False)('test')[0] == a[6:]
>>> CRYPT(digest_alg='md5',salt=False)('test')[0] == a
>>> CRYPT(digest_alg='md5',salt=False)('test')[0] == a[6:]


CRYPT.__call__ <type 'instancemethod'> belongs to class <type 'instancemethod'>

CRYPT.__class__ <type 'type'> extends (<type 'object'>,) belongs to class <type 'type'>
type(object) -> the object's type type(name, bases, dict) -> a new type

CRYPT.__delattr__ <type 'wrapper_descriptor'> belongs to class <type 'wrapper_descriptor'>
x.__delattr__('name') <==> del

CRYPT.__dict__ <type 'dictproxy'> belongs to class <type 'dictproxy'>

CRYPT.__doc__ <type 'str'> belongs to class <type 'str'>
str(object='') -> string Return a nice string representation of the object. If the argument is a string, the return value is the same object.

CRYPT.__format__ <type 'method_descriptor'> belongs to class <type 'method_descriptor'>
default object formatter

CRYPT.__getattribute__ <type 'wrapper_descriptor'> belongs to class <type 'wrapper_descriptor'>
x.__getattribute__('name') <==>

CRYPT.__hash__ <type 'wrapper_descriptor'> belongs to class <type 'wrapper_descriptor'>
x.__hash__() <==> hash(x)

CRYPT.__init__ <type 'instancemethod'> belongs to class <type 'instancemethod'>
important, digest_alg='md5' is not the default hashing algorithm for web2py. This is only an example of usage of this function. The actual hash algorithm is determined from the key which is generated by web2py in This defaults to hmac+sha512.

CRYPT.__module__ <type 'str'> belongs to class <type 'str'>
str(object='') -> string Return a nice string representation of the object. If the argument is a string, the return value is the same object.

CRYPT.__new__ <type 'builtin_function_or_method'> belongs to class <type 'builtin_function_or_method'>
T.__new__(S, ...) -> a new object with type S, a subtype of T

CRYPT.__reduce__ <type 'method_descriptor'> belongs to class <type 'method_descriptor'>
helper for pickle

CRYPT.__reduce_ex__ <type 'method_descriptor'> belongs to class <type 'method_descriptor'>
helper for pickle

CRYPT.__repr__ <type 'wrapper_descriptor'> belongs to class <type 'wrapper_descriptor'>
x.__repr__() <==> repr(x)

CRYPT.__setattr__ <type 'wrapper_descriptor'> belongs to class <type 'wrapper_descriptor'>
x.__setattr__('name', value) <==> = value

CRYPT.__sizeof__ <type 'method_descriptor'> belongs to class <type 'method_descriptor'>
__sizeof__() -> int size of object in memory, in bytes

CRYPT.__str__ <type 'wrapper_descriptor'> belongs to class <type 'wrapper_descriptor'>
x.__str__() <==> str(x)

CRYPT.__subclasshook__ <type 'builtin_function_or_method'> belongs to class <type 'builtin_function_or_method'>
Abstract classes can override this to customize issubclass(). This is invoked early on by abc.ABCMeta.__subclasscheck__(). It should return True, False or NotImplemented. If it returns NotImplemented, the normal algorithm is used. Otherwise, it overrides the normal algorithm (and the outcome is cached).

CRYPT.__weakref__ <type 'getset_descriptor'> belongs to class <type 'getset_descriptor'>
list of weak references to the object (if defined)