Here is the code that compares a plain text password to the stored hashed 
password: 
https://github.com/web2py/web2py/blob/4ed36cfb1fe960d5c818c53562d920d407e991ae/gluon/validators.py#L2919-L2922

The salt and the digest algorithm name and parameters are stored in a 
string combined with the hash. The above linked code extracts the salt, 
digest algorithm, and hash stored in the database. It then uses the salt 
and digest algorithm info to hash the plain text password in order to 
determine if it is the same as the stored hash.

To hash the password, it calls simple_hash 
<https://github.com/web2py/web2py/blob/4ed36cfb1fe960d5c818c53562d920d407e991ae/gluon/utils.py#L116>
in gluon.utils. You can review that code to figure out how the hashing is 
done.

As seen here 
<https://github.com/web2py/web2py/blob/4ed36cfb1fe960d5c818c53562d920d407e991ae/gluon/validators.py#L3017>,
the default digest algorithm used by CRYPT (and ultimately passed to 
simple_hash) is pbkdf2(1000,20,sha512), so unless you have changed the 
default, that is what you should use.

You'll have to figure out how to replicate the hashing process in whatever 
language you are using, though the algorithms are standard, so hopefully 
that will be fairly straightforward.

Anthony

On Friday, May 18, 2018 at 11:34:24 AM UTC-4, 黄祥 wrote:
>
> *objective:*
> use a database that was built using web2py in another app, like php slim 
> framework, express js or restify, since those frameworks didn't need to 
> define the models database.
>
> *problem:*
> don't know how to use the auth_user table for login in another app, 
> because the password field is not clear how to store it in database table
>
> *learn from the book:*
> By default, CRYPT uses 1000 iterations of the pbkdf2 algorithm combined 
> with SHA512 to produce a 20-byte-long hash. 
> *ref:*
> http://web2py.com/books/default/chapter/29/07/forms-and-validators
>
> *question:*
> what is the crypt module used by web2py to encrypt password field, because 
> the book said 1000 iterations of the pbkdf2 algorithm combined with SHA512 
> to produce a 20-byte-long hash, not sure I understand the meaning?
>
> thanks and best regards,
> stifan
>
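
An added example (not part of the original message and not web2py's own code) of replicating the described check with Python's standard library. It assumes the stored field is laid out as `digest_alg$salt$hex_hash` and that the salt string's bytes are passed to PBKDF2 as-is; `pbkdf2_field`, `verify`, the allowlist, the iteration cap and the sample values are hypothetical, so confirm the layout against the linked code before relying on it.

```python
import hashlib
import hmac
import re

# Assumed stored layout: "<digest_alg>$<salt>$<hex hash>", for example
# "pbkdf2(1000,20,sha512)$<salt>$<40 hex chars>". Verify against the linked code.
_PBKDF2 = re.compile(r"pbkdf2\((\d+),(\d+),(\w+)\)")
ALLOWED_DIGESTS = {"sha1", "sha256", "sha384", "sha512"}  # this example's allowlist
MAX_ITERATIONS = 1_000_000  # refuse absurd work factors read from a tampered row
MAX_KEYLEN = 64


def pbkdf2_field(password, salt, digest_alg="pbkdf2(1000,20,sha512)"):
    """Derive the full stored field for `password` under the assumed layout."""
    m = _PBKDF2.fullmatch(digest_alg)
    if not m:
        raise ValueError("unsupported digest_alg: %r" % digest_alg)
    iterations, keylen, name = int(m.group(1)), int(m.group(2)), m.group(3)
    if name not in ALLOWED_DIGESTS:
        raise ValueError("digest not allowed: %r" % name)
    if not (0 < iterations <= MAX_ITERATIONS and 0 < keylen <= MAX_KEYLEN):
        raise ValueError("parameters out of range")
    # Assumption: the salt's text bytes are used directly, not hex-decoded.
    dk = hashlib.pbkdf2_hmac(name, password.encode("utf-8"),
                             salt.encode("utf-8"), iterations, keylen)
    return "%s$%s$%s" % (digest_alg, salt, dk.hex())


def verify(password, stored):
    """Return True only if `password` reproduces the stored field exactly."""
    if not stored or stored.count("$") != 2:
        return False  # missing or not in the salted three-part layout
    digest_alg, salt, _ = stored.split("$")
    try:
        candidate = pbkdf2_field(password, salt, digest_alg)
    except ValueError:
        return False  # unknown algorithm or out-of-range parameters
    # Constant-time comparison so timing does not leak how much matched.
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample row value, not taken from any real database.
    sample = pbkdf2_field("correct horse", "0123456789abcdef")
    print(sample)
    print(verify("correct horse", sample), verify("wrong guess", sample))
```
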
