passlib.hash.hex_digest - Generic Hexadecimal Digests


Using a single round of any cryptographic hash (especially without a salt) is so insecure that it’s barely better than plaintext. Do not use these schemes in new applications.

Some existing applications store passwords by storing them using hexadecimal-encoded message digests, such as MD5 or SHA1. Such schemes are extremely vulnerable to pre-computed brute-force attacks, and should not be used in new applications. However, for the sake of backwards compatibility when converting existing applications, Passlib provides wrappers for few of the common hashes. These classes all wrap the underlying hashlib implementations, and can be used directly as follows:

>>> from passlib.hash import hex_sha1 as hex_sha1

>>> # hash password
>>> h = hex_sha1.hash("password")
>>> h

>>> # verify correct password
>>> hex_sha1.verify("password", h)

>>> # verify incorrect password
>>> hex_sha1.verify("secret", h)

See also

the generic PasswordHash usage examples


class passlib.hash.hex_md4
class passlib.hash.hex_md5
class passlib.hash.hex_sha1
class passlib.hash.hex_sha256
class passlib.hash.hex_sha512

Each of these classes implements a plain hexadecimal encoded message digest, using the relevant digest function from hashlib, and following the PasswordHash API.

They support no settings or other keywords.


Oracle VirtualBox’s VBoxManager internalcommands passwordhash command uses hex_sha256.

Format & Algorithm

All of these classes just report the result of the specified digest, encoded as a series of lowercase hexadecimal characters; though upper case is accepted as input.