werkzeug.generate_password_hash

werkzeug.generate_password_hash(password, method='pbkdf2:sha1', salt_length=8)[source]

Hash a password with the given method and salt with with a string of the given length. The format of the string returned includes the method that was used so that check_password_hash() can check the hash.

The format for the hashed string looks like this:

method$salt$hash

This method can not generate unsalted passwords but it is possible to set the method to plain to enforce plaintext passwords. If a salt is used, hmac is used internally to salt the password.

If PBKDF2 is wanted it can be enabled by setting the method to pbkdf2:method:iterations where iterations is optional:

pbkdf2:sha1:2000$salt$hash
pbkdf2:sha1$salt$hash
Parameters:
  • password – the password to hash.
  • method – the hash method to use (one that hashlib supports). Can optionally be in the format pbkdf2:<method>[:iterations] to enable PBKDF2.
  • salt_length – the length of the salt in letters.