Using PassLib to Verify Hash from Flask User Passwords


I’m currently trying to migrate my Flask Users over to a Django Backend.

However, when I’m using passlib to verify the hash, I can’t figure out why it won’t verify.

Our flask app settings

SECURITY_PASSWORD_HASH = "pbkdf2_sha512"
SECURITY_PASSWORD_SALT = "stackoverflow" # this is an example

An example of a hash I pulled from a database

flask_hash =

So I created a custom pbkdf2_sha512 with the the rounds and salt
from passlib.hash import pbkdf2_sha512

rounds = 12000
salt = "stackoverflow".encode() # assume I swapped this out with the right salt
custom_pbkdf2 = pbkdf2_sha512.using(rounds=rounds, salt=salt)

verify_result = custom_pbkdf2.verify(hash=flask_hash, secret=password)
print (verify_result) # false

But if I create a new hash … it does work

test_hash = custom_pbkdf2.hash('testing-if-this-works')
test_hash_confirm = custom_pbkdf2.verify('testing-if-this-works', hash=test_hash)

Is there something I’m missing? Thank you so much for any help here … I know the password to this — it’s a dummy account I used for testing.

Asked By: yrekkehs



I was struck in exactly the same situation, luckily found this reddit thread, which had the explanation.

Basically, what you have to do verify the user is:

from flask_security.utils import verify_password
verify_password(<plain text password>, <password hash>)

More details here

Answered By: Vishal Gupta
Categories: questions Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.