Flask-Hashing

Flask-Hashing is a Flask extension that provides an easy way to hash data and check a hash of a value against a given hash. Flask-Hashing uses hashlib to actually hash data.

The main use case for hashing in web applications is for user passwords. But because an application may have a different need for a hash function, this extension’s naming choices are not password-specific.

Installation

Install Flask-Hashing with either of the following commands::

    $ easy_install flask-hashing
    $ pip install flask-hashing

Usage

Initialize the extension as follows::

    from flask import Flask
    # The flask.ext.* import namespace was removed in Flask 1.0;
    # import the extension module directly.
    from flask_hashing import Hashing

    app = Flask(__name__)
    hashing = Hashing(app)

After creating an instance of Hashing, we can hash data and check hashes of data as follows::

    h = hashing.hash_value('secretdata', salt='abcd')
    if hashing.check_value(h, 'secretdata', salt='abcd'):
        # do some stuff because the hashes are equal
        pass

And that is all there is to it!

API

class flask.ext.hashing.Hashing(app=None)

An extension that provides easy hashing and comparing of hashes to a Flask application. This extension uses the standard library hashlib to allow access to any available hash functions on the system via OpenSSL, depending on your version of Python in use. The hashlib module guarantees access to md5, sha1, sha224, sha256, sha384, and sha512.

To begin using this extension you must first wrap the application::

    from flask import Flask
    from flask_hashing import Hashing

    app = Flask(__name__)
    hashing = Hashing(app)

If you prefer to use the factory pattern you can also use Hashing as follows::

    from flask import Flask
    from flask_hashing import Hashing

    hashing = Hashing()
    # do some stuff
    app = create_app()  # create_app is your own application factory
    hashing.init_app(app)

If you would like to customize your instance of Hashing, you may specify values for HASHING_METHOD and HASHING_ROUNDS in the Flask application configuration. HASHING_METHOD defaults to sha256 and HASHING_ROUNDS defaults to 1. If you are using anything less than Python 2.7.9 you will only have the guaranteed functions provided by hashlib. Python 2.7.9 or higher allows access to OpenSSL hash functions. The name you supply to HASHING_METHOD must be valid to hashlib. To get a list of valid names, supply a random string to HASHING_METHOD and check the output when initializing your application (it raises an exception), or check hashlib.algorithms for Python 2.7.8 or less, or hashlib.algorithms_available if using Python 2.7.9+.

check_value(value_hash, value, salt='')

Checks the specified hash value against the hash of the provided salt and value.

An example usage of check_value would be::

    val_hash = hashing.hash_value('mysecretdata', salt='abcd')
    if hashing.check_value(val_hash, 'mysecretdata', salt='abcd'):
        # do something special
        pass

Parameters:
  • value_hash – The hash value to check against
  • value – The value we want hashed to compare
  • salt – The salt to use when generating the hash of value. Default is ‘’.

Returns: True if equal, False otherwise

Return type: bool

hash_value(value, salt='')

Hashes the specified value combined with the specified salt. The hash is done HASHING_ROUNDS times as specified by the application configuration.

An example usage of hash_value would be::

    val_hash = hashing.hash_value('mysecretdata', salt='abcd')
    # save to a db or check against known hash

Parameters:
  • value – The value we want hashed
  • salt – The salt to use when generating the hash of value. Default is ‘’.

Returns: The resulting hash as a string

Return type: str

init_app(app)

Initializes the Flask application with this extension. It grabs the necessary configuration values from app.config, those being HASHING_METHOD and HASHING_ROUNDS. HASHING_METHOD defaults to sha256 but can be any one of hashlib.algorithms. HASHING_ROUNDS specifies the number of times to hash the input with the specified algorithm. This defaults to 1.

Parameters: app – Flask application object
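
The following is an added example, not part of the Flask-Hashing documentation or source. It sketches a salted, iterated hash driven by HASHING_METHOD and HASHING_ROUNDS using hashlib directly, with a random salt per stored value and a constant-time comparison; the function names and the way the rounds are chained are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed stand-ins for the app.config values HASHING_METHOD / HASHING_ROUNDS.
HASHING_METHOD = "sha256"
HASHING_ROUNDS = 3


def validate_method(name):
    """Reject names hashlib cannot use here, before any value is hashed."""
    if name not in hashlib.algorithms_available:
        valid = ", ".join(sorted(hashlib.algorithms_available))
        raise ValueError("unknown hash %r; valid names: %s" % (name, valid))
    if hashlib.new(name).digest_size == 0:  # shake_* need an explicit length
        raise ValueError("variable-length hash %r not supported here" % name)
    return name


def iterated_hash(value, salt="", method=HASHING_METHOD, rounds=HASHING_ROUNDS):
    """Hash salt+value, then re-hash salt+digest until `rounds` passes are done.

    This chaining is an assumption made for illustration; the extension's
    exact construction is not shown on this page.
    """
    validate_method(method)
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    data = value.encode("utf-8")
    salt_bytes = salt.encode("utf-8")
    for _ in range(rounds):
        data = hashlib.new(method, salt_bytes + data).hexdigest().encode("ascii")
    return data.decode("ascii")


def new_record(value):
    """Generate a fresh random salt for this value; store both salt and hash."""
    salt = secrets.token_hex(16)
    return salt, iterated_hash(value, salt)


def check(stored_hash, value, salt):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(stored_hash, iterated_hash(value, salt))
```

Store the salt returned by new_record next to the hash and pass it back to check, rather than sharing one fixed salt such as 'abcd' across all values.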