
Re: Validate password with PBKDF2

Posted by Erik Stel on Jun 30, 2017; 11:07am
URL: https://forum.world.st/Validate-password-with-PBKDF2-tp4952973p4953067.html

Francis,

The hashpw function returns a hash with the salt prepended, so it contains both elements. (See, for example, the explanation at: https://stackoverflow.com/questions/27413248/why-can-bcrypt-hashpw-be-used-both-for-hashing-and-verifying-passwords).

You can do the same thing here. Assuming you have a fixed-size salt, just prepend it before the hash value. Since the salt is (should be) random, returning its value does not weaken the security. Using a salt protects against rainbow table attacks: pre-generated hash values for many possible passwords. (See https://en.wikipedia.org/wiki/Rainbow_table).

Cheers,
Erik
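
The scheme described in the post above, as an added example that is not part of the original post and is written in Python rather than Smalltalk: a fixed-size random salt is prepended to the PBKDF2 output, and verification splits the stored value at that fixed offset. The salt size, iteration count, hash function and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

SALT_LEN = 16          # fixed salt size in bytes (assumed value)
ITERATIONS = 200_000   # assumed work factor; tune for your hardware
DK_LEN = 32            # derived key length, matches HMAC-SHA256 output


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || PBKDF2(password, salt) as one blob to store."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per password
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly SALT_LEN bytes")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, DK_LEN
    )
    return salt + dk


def verify_password(password: str, stored: bytes) -> bool:
    """Split the stored blob at the fixed salt size and re-derive the key."""
    if len(stored) != SALT_LEN + DK_LEN:
        return False  # truncated or corrupted record
    salt, expected = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, DK_LEN
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print("stored record:", record.hex())
    print("right password:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("wrong guess", record))
```

If the iteration count or hash function may change later, store them alongside the salt so older records can still be verified.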