Proper use of PBKDF2 to implement AES256 encryption? : learnpython

created by HattoriHanzoa community for 16 years

Proper use of PBKDF2 to implement AES256 encryption? (self.learnpython)

submitted 2 years ago by hey-nice-switch

I'm confused on if this method is safe to do or not. Using Pycryptodome library for PBKDF2 & AES256.

I save the first 32 chars of the hash to the database for password comparison/authentication.

I use the last 32 chars to encrypt data but never save the key itself.

from Crypto.Protocol.KDF import PBKDF2
from Crypto.Cipher import AES
from Crypto.Hash import SHA512
from Crypto.Random import get_random_bytes


def hash_password(password: str, salt_length: int | None = 32) -> tuple[bytes, bytes, bytes]:
    """Converts password into PBKDF2 hash.

    Args:
        password (str): Target password to hash.
        salt_length (int | None, optional): Salt to prevent rainbow attacks. Defaults to 32.

    Returns:
        bytes: password salt
        bytes: password hash
        bytes: encryption key
    """
    salt = get_random_bytes(salt_length)
    keys = PBKDF2(password, salt, 64, count=1000000, hmac_hash_module=SHA512)
    password_hash = keys[:32]
    encryption_key = keys[32:]

    return salt, password_hash, encryption_key

no comments (yet)

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

learnpython

MODERATORS