
Password hashing with Werkzeug in Flask - Step-by-Step Execution

Concept Flow - Password hashing with Werkzeug
1. User inputs password
2. Call generate_password_hash(password)
3. Werkzeug creates hashed password
4. Store hashed password safely
5. User login attempt
6. Call check_password_hash(stored_hash, input_password)
7. Werkzeug compares input with stored hash
8. Return True if match, False if not
This flow shows how a password is hashed when created and then checked during login using Werkzeug functions.
Execution Sample
from werkzeug.security import generate_password_hash, check_password_hash

password = 'mypassword123'
hashed = generate_password_hash(password)

check = check_password_hash(hashed, 'mypassword123')
This code hashes a password and then checks if a given input matches the hashed password.
Execution Table
| Step | Action | Input | Output | Notes |
|---|---|---|---|---|
| 1 | Call generate_password_hash | 'mypassword123' | hashed string (e.g. 'pbkdf2:sha256:260000$...') | Password is converted to a secure hash |
| 2 | Store hashed password | hashed string | Stored safely (e.g. database) | Hash is saved, not the plain password |
| 3 | Call check_password_hash | hashed string, 'mypassword123' | True | Input password matches the hash |
| 4 | Call check_password_hash | hashed string, 'wrongpass' | False | Input password does not match hash |
💡 Password check returns True or False depending on match; no plain password is stored
Variable Tracker
| Variable | Start | After Step 1 | After Step 3 | After Step 4 |
|---|---|---|---|---|
| password | 'mypassword123' | 'mypassword123' | 'mypassword123' | 'mypassword123' |
| hashed | None | 'pbkdf2:sha256:260000$...' | 'pbkdf2:sha256:260000$...' | 'pbkdf2:sha256:260000$...' |
| check | None | None | True | False |
Key Moments - 2 Insights
Why can't we just store the plain password instead of hashing it?
Storing plain passwords is unsafe because if the database is leaked, attackers get all passwords. The execution_table step 2 shows we store only the hashed password, which is secure.
How does check_password_hash know if the input matches without decrypting?
It hashes the input password the same way, using the method and salt recorded in the stored hash string, and compares hashes. The execution_table steps 3 and 4 show it returns True or False based on this comparison.
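The comparison described above, as an added example that is not from the original page and is not Werkzeug's own code: a standard-library re-implementation of the 'pbkdf2:sha256:260000$...' layout, assuming the stored string has the form method$salt$hexdigest. The names make_hash, verify_hash and demo are hypothetical; an application should call generate_password_hash and check_password_hash.

```python
import hashlib
import hmac
import secrets

# Illustration only: hypothetical helpers that mimic the
# "pbkdf2:sha256:<iterations>$<salt>$<hexdigest>" layout from the Execution Table.

def make_hash(password: str, iterations: int = 260000) -> str:
    salt = secrets.token_hex(8)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), iterations
    )
    # Method, salt and digest travel together in one string.
    return f"pbkdf2:sha256:{iterations}${salt}${digest.hex()}"

def verify_hash(stored: str, candidate: str) -> bool:
    try:
        # Recover the parameters that were used when the hash was created.
        method, salt, expected = stored.split("$", 2)
        kdf, hash_name, iterations = method.split(":")
        if kdf != "pbkdf2":
            return False
        # Re-derive from the candidate password; nothing is decrypted.
        digest = hashlib.pbkdf2_hmac(
            hash_name, candidate.encode(), salt.encode(), int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed or unsupported hash string fails closed
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(digest.hex().encode(), expected.encode())

def demo() -> dict:
    # Constructed sample values, taken from the page's own example.
    a = make_hash("mypassword123")
    b = make_hash("mypassword123")
    return {
        "same_password_different_hashes": a != b,  # salts differ
        "correct": verify_hash(a, "mypassword123"),
        "wrong": verify_hash(a, "wrongpass"),
        "malformed": verify_hash("not-a-hash", "mypassword123"),
    }

if __name__ == "__main__":
    print(demo())
```

Because the salt is random, two hashes of the same password differ, so verification has to read the salt back out of the stored string rather than compare two freshly generated hashes.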
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the output of generate_password_hash when given 'mypassword123'?
A. A hashed string like 'pbkdf2:sha256:260000$...'
B. The plain password 'mypassword123'
C. True
D. False
💡 Hint
Check Step 1 output in the execution_table
At which step does the password check return False?
A. Step 1
B. Step 3
C. Step 4
D. Step 2
💡 Hint
Look at the 'Output' column in execution_table for steps 3 and 4
If the input password changes, how does it affect the check variable in variable_tracker?
A. It changes to True
B. It changes to False
C. It stays the same
D. It becomes the hashed string
💡 Hint
See variable_tracker 'check' values after Step 3 and Step 4
Concept Snapshot
Password hashing with Werkzeug:
- Use generate_password_hash(password) to create a secure hash
- Store only the hashed password, never plain text
- Use check_password_hash(stored_hash, input_password) to verify
- Returns True if input matches hash, else False
- Keeps passwords safe even if data leaks
Full Transcript
This visual trace shows how Werkzeug helps secure passwords in Flask apps. First, the user password is turned into a hashed string using generate_password_hash. This hash is stored safely instead of the plain password. Later, when the user logs in, check_password_hash compares the stored hash with the input password by hashing the input and checking for a match. The output is True if they match, False otherwise. This process protects user passwords from exposure even if the database is compromised.