passlib.hash.atlassian_pbkdf2_sha1 - Atlassian’s PBKDF2-based Hash

This class provides an implementation of the PBKDF2 based hash used by Atlassian in Jira and other products. Note that unlike the most PBKDF2 hashes supported by Passlib, this one uses a fixed number of rounds (10000). That is currently a sufficient amount, but it cannot be altered; so this scheme should only be used to read existing hashes, and not used in new applications.

See also


class passlib.hash.atlassian_pbkdf2_sha1

This class implements the PBKDF2 hash used by Atlassian.

It supports a fixed-length salt, and a fixed number of rounds.

The using() method accepts the following optional keywords:

  • salt (bytes) – Optional salt bytes. If specified, the length must be exactly 16 bytes. If not specified, a salt will be autogenerated (this is recommended).
  • relaxed (bool) –

    By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long.

    New in version 1.6.

Format & Algorithm

All of this scheme’s hashes have the format {PKCS5S2}data, where data is a 64 character base64 encoded string; which (when decoded), contains a 16 byte salt, and a 32 byte checksum.

A example hash (of password) is:


Once decoded, the salt value (in hexadecimal octets) is:


and the checksum value (in hexadecimal octets) is:


When calculating the checksum: the password is encoded into UTF-8 if not already encoded. Using the specified salt, and a fixed 10000 rounds, PBKDF2-HMAC-SHA1 is used to generate a 32 byte key, which appended to the salt and encoded in base64.


[1]The specification for the PBKDF2 algorithm -