passlib.hash.ldap_digest - RFC2307 Standard Digests

Passlib provides support for all the standard LDAP hash formats specified by RFC 2307. This includes {MD5}, {SMD5}, {SHA}, {SSHA}. These schemes range from somewhat to very insecure, and should not be used except when required. These classes all wrap the underlying hashlib implementations, and can be used directly as follows:

>>> from passlib.hash import ldap_salted_md5 as lsm

>>> # hash password
>>> hash = lsm.hash("password")
>>> hash
'{SMD5}OqsUXNHIhHbznxrqHoIM+ZT8DmE='

>>> # verify password
>>> lsm.verify("password", hash)
True
>>> lsm.verify("secret", hash)
False

Plain Hashes

Warning

These hashes should not be considered secure in any way, as they are nothing but raw MD5 & SHA-1 digests, which are extremely vulnerable to brute-force attacks.

class passlib.hash.ldap_md5

This class stores passwords using LDAP’s plain MD5 format, and follows the PasswordHash API.

The hash() and genconfig() methods have no optional keywords.

class passlib.hash.ldap_sha1

This class stores passwords using LDAP’s plain SHA1 format, and follows the PasswordHash API.

The hash() and genconfig() methods have no optional keywords.

Format

These hashes have the format prefix + checksum.

  • prefix is {MD5} for ldap_md5, and {SHA} for ldap_sha1.
  • checksum is the base64 encoding of the raw message digest of the password, using the appropriate digest algorithm.

An example ldap_md5 hash (of password) is {MD5}X03MO1qnZdYdgyfeuILPmQ==. An example ldap_sha1 hash (of password) is {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=.

Salted Hashes

class passlib.hash.ldap_salted_md5

This class stores passwords using LDAP’s salted MD5 format, and follows the PasswordHash API.

It supports a 4-16 byte salt.

The using() method accepts the following optional keywords:

Parameters:
  • salt (bytes) – Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string.
  • salt_size (int) – Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16.
  • relaxed (bool) – By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long. New in version 1.6.

Changed in version 1.6: This format now supports variable length salts, instead of a fixed 4 bytes.

class passlib.hash.ldap_salted_sha1

This class stores passwords using LDAP’s “Salted SHA1” format, and follows the PasswordHash API.

It supports a 4-16 byte salt.

The using() method accepts the following optional keywords:

Parameters:
  • salt (bytes) – Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string.
  • salt_size (int) – Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16.
  • relaxed (bool) – By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long. New in version 1.6.

Changed in version 1.6: This format now supports variable length salts, instead of a fixed 4 bytes.

class passlib.hash.ldap_salted_sha256

This class stores passwords using LDAP’s “Salted SHA2-256” format, and follows the PasswordHash API.

It supports a 4-16 byte salt.

The using() method accepts the following optional keywords:

Parameters:
  • salt (bytes) – Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string.
  • salt_size (int) – Optional number of bytes to use when autogenerating new salts. Defaults to 8 bytes for compatibility with the LDAP spec, but Passlib supports any value between 4-16.
  • relaxed (bool) – By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long.

New in version 1.7.3.

class passlib.hash.ldap_salted_sha512

This class stores passwords using LDAP’s “Salted SHA2-512” format, and follows the PasswordHash API.

It supports a 4-16 byte salt.

The using() method accepts the following optional keywords:

Parameters:
  • salt (bytes) – Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string.
  • salt_size (int) – Optional number of bytes to use when autogenerating new salts. Defaults to 8 bytes for compatibility with the LDAP spec, but Passlib supports any value between 4-16.
  • relaxed (bool) – By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long.

New in version 1.7.3.

Format

These hashes have the format prefix + data.

  • prefix is {SMD5} for ldap_salted_md5, and {SSHA} for ldap_salted_sha1.
  • data is the base64 encoding of checksum + salt; in turn, salt is a multi-byte binary salt, and checksum is the raw digest of the string password + salt, using the appropriate digest algorithm.

An example hash (of password) is {SMD5}jNoSMNY0cybfuBWiaGlFw3Mfi/U=. After decoding, this results in a raw salt string s\x1f\x8b\xf5, and a raw MD5 checksum of \x8c\xda\x120\xd64s&\xdf\xb8\x15\xa2hiE\xc3.

An example hash (of password) is {SSHA}pKqkNr1tq3wtQqk+UcPyA3HnA2NsU5NJ. After decoding, this results in a raw salt string lS\x93I, and a raw SHA1 checksum of \xa4\xaa\xa46\xbdm\xab|-B\xa9>Q\xc3\xf2\x03q\xe7\x03c.
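The layout just described, as an added example that is not part of the passlib docs or code: a small hashlib-only parser and verifier that splits base64(checksum + salt) on the digest length, recomputes digest(password + salt), and compares in constant time. It assumes the {SSHA256}/{SSHA512} prefixes for the SHA2 variants and enforces the 4-16 byte salt bounds from the class descriptions above.

```python
import base64
import hashlib
import hmac
import os

# RFC 2307 scheme prefix -> (hashlib algorithm, default salt size; 0 = unsalted).
# The {SSHA256}/{SSHA512} prefixes for the SHA2 variants are an assumption here.
SCHEMES = {
    "MD5": ("md5", 0), "SHA": ("sha1", 0),
    "SMD5": ("md5", 4), "SSHA": ("sha1", 4),
    "SSHA256": ("sha256", 8), "SSHA512": ("sha512", 8),
}

def parse(hash_str):
    """Split '{SCHEME}base64' into (alg, checksum, salt): data is checksum + salt,
    and the digest length is fixed per algorithm, so the remainder is the salt."""
    if not hash_str.startswith("{") or "}" not in hash_str:
        raise ValueError("not an RFC 2307 hash")
    scheme, data = hash_str[1:].split("}", 1)
    alg, default_salt = SCHEMES[scheme.upper()]
    raw = base64.b64decode(data, validate=True)
    size = hashlib.new(alg).digest_size
    checksum, salt = raw[:size], raw[size:]
    if len(checksum) != size:
        raise ValueError("truncated %s checksum" % scheme)
    if default_salt and not 4 <= len(salt) <= 16:
        raise ValueError("%s salt must be 4-16 bytes, got %d" % (scheme, len(salt)))
    if not default_salt and salt:
        raise ValueError("unexpected trailing bytes in plain %s hash" % scheme)
    return alg, checksum, salt

def make(password, scheme="SSHA", salt=None, salt_size=None):
    """Produce a '{SCHEME}' string; a random salt is generated unless one is given."""
    alg, default_salt = SCHEMES[scheme]
    if default_salt:
        salt = os.urandom(salt_size or default_salt) if salt is None else salt
        if not 4 <= len(salt) <= 16:
            raise ValueError("salt must be 4-16 bytes")
    else:
        salt = b""
    checksum = hashlib.new(alg, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(checksum + salt).decode("ascii"))

def verify(password, hash_str):
    """Recompute digest(password + salt) and compare it in constant time."""
    alg, checksum, salt = parse(hash_str)
    candidate = hashlib.new(alg, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, checksum)
```

Calling verify("password", "{SMD5}jNoSMNY0cybfuBWiaGlFw3Mfi/U=") checks the page's own example above, and parse() on it yields the salt b"s\x1f\x8b\xf5".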

Security Issues

The LDAP salted hashes should not be considered very secure.

  • They use only a single round of digests with known collision and pre-image attacks (SHA1 & MD5).
  • They currently use only 32 bits of entropy in their salt, which is only borderline sufficient to defeat rainbow tables, and cannot (portably) be increased.
  • The SHA2 salted hashes (SSHA256, SSHA512) are only marginally better: they use the newer SHA2 hash, and 64 bits of entropy in their salt.

Plaintext

class passlib.hash.ldap_plaintext

This class stores passwords in plaintext, and follows the PasswordHash API.

This class acts much like the generic passlib.hash.plaintext handler, except that it will identify a hash only if it does NOT begin with the {XXX} identifier prefix used by RFC2307 passwords.

The hash(), genhash(), and verify() methods all require the following additional contextual keyword:

Parameters:
  • encoding (str) – This controls the character encoding to use (defaults to utf-8). This encoding will be used to encode unicode passwords under Python 2, and decode bytes hashes under Python 3.

Changed in version 1.6: The encoding keyword was added.

This handler does not hash passwords at all; rather, it encodes them into UTF-8. The only difference between this class and plaintext is that this class will NOT recognize any strings that use the {SCHEME}HASH format.

Deviations

  • The salt size for the salted digests appears to vary between applications. While OpenLDAP is fixed at 4 bytes, some systems appear to use 8 or more. As of 1.6, Passlib can accept and generate strings with salts between 4-16 bytes, though various servers may differ in what they can handle.
