The Passlib documentation has moved to https://passlib.readthedocs.io

You will be redirected to the new location in 10 seconds.

passlib.hash.atlassian_pbkdf2_sha1 - Atlassian’s PBKDF2-based Hash

This class provides an implementation of the PBKDF2 based hash used by Atlassian in Jira and other products. Note that unlike the most PBKDF2 hashes supported by Passlib, this one uses a fixed number of rounds (10000). That is currently a sufficient amount, but it cannot be altered; so this scheme should only be used to read existing hashes, and not used in new applications.

See also

• password hash usage – for examples of how to use this class via the common hash interface.
• passlib.hash.pbkdf2_{digest} – for some other PBKDF2-based hashes.

Interface

class passlib.hash.atlassian_pbkdf2_sha1

This class implements the PBKDF2 hash used by Atlassian.

It supports a fixed-length salt, and a fixed number of rounds.

The using() method accepts the following optional keywords:

Parameters:

• salt (bytes) – Optional salt bytes. If specified, the length must be exactly 16 bytes. If not specified, a salt will be autogenerated (this is recommended).
• relaxed (bool) –

  By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long.

  New in version 1.6.

Format & Algorithm

All of this scheme’s hashes have the format {PKCS5S2}data, where data is a 64 character base64 encoded string; which (when decoded), contains a 16 byte salt, and a 32 byte checksum.

A example hash (of password) is:

{PKCS5S2}DQIXJU038u4P7FdsuFTY/+35bm41kfjZa57UrdxHp2Mu3qF2uy+ooD+jF5t1tb8J

Once decoded, the salt value (in hexadecimal octets) is:

0d0217254d37f2ee0fec576cb854d8ff

and the checksum value (in hexadecimal octets) is:

edf96e6e3591f8d96b9ed4addc47a7632edea176bb2fa8a03fa3179b75b5bf09

When calculating the checksum: the password is encoded into UTF-8 if not already encoded. Using the specified salt, and a fixed 10000 rounds, PBKDF2-HMAC-SHA1 is used to generate a 32 byte key, which appended to the salt and encoded in base64.

Footnotes

[1]	The specification for the PBKDF2 algorithm - http://tools.ietf.org/html/rfc2898#section-5.2.