keystone.common.password_hashing module

keystone.common.password_hashing.check_password(password, hashed)[source]

Check that a plaintext password matches hashed.

hashpw returns the salt value concatenated with the actual hash value. It extracts the actual salt if this value is then passed as the salt.


Hash a password. Harder.


Hash a user dict’s password without modifying the passed-in dict.


Verify and truncate the provided password to the max_password_length.

We also need to check that the configured password hashing algorithm does not silently truncate the password. For example, passlib.hash.bcrypt does this: