https://github.com/web2py/web2py/blob/master/gluon/tools.py#L1776 that basically calls the validators attached by default to a password field https://github.com/web2py/web2py/blob/master/gluon/tools.py#L1479 i.e. you just have to import the validator CRYPT and check with that passing the correct parameters https://github.com/web2py/web2py/blob/master/gluon/validators.py#L2659
PS: CRYPT was easier to follow before the introduction of the pdfbk2 algo, but it's quite straightforward if you are willing to cut off backward-compatibility (that required lazycrypt https://github.com/web2py/web2py/blob/master/gluon/validators.py#L2581) --
