beaker.crypto.pbkdf2 – PKCS#5 v2.0 Password-Based Key Derivation classes

Module Contents

beaker.crypto.pbkdf2.crypt(word, salt=None, iterations=None)

PBKDF2-based unix crypt(3) replacement.

The number of iterations specified in the salt overrides the ‘iterations’ parameter.

The effective hash length is 192 bits.

class beaker.crypto.pbkdf2.PBKDF2(passphrase, salt, iterations=1000, digestmodule=<built-in function openssl_sha1>, macmodule=<module 'hmac' from '/usr/lib/python2.7/hmac.pyc'>) : PKCS#5 v2.0 Password-Based Key Derivation

This implementation takes a passphrase and a salt (and optionally an iteration count, a digest module, and a MAC module) and provides a file-like object from which an arbitrarily-sized key can be read.

If the passphrase and/or salt are unicode objects, they are encoded as UTF-8 before they are processed.

The idea behind PBKDF2 is to derive a cryptographic key from a passphrase and a salt.

PBKDF2 may also be used as a strong salted password hash. The ‘crypt’ function is provided for that purpose.

Remember: Keys generated using PBKDF2 are only as strong as the passphrases they are derived from.


Close the stream.


Read the specified number of octets. Return them as hexadecimal.

Note that len(obj.hexread(n)) == 2*n.


Read the specified number of key bytes.