passlib.hash.ldap_digest - RFC2307 Standard Digests

Passlib provides support for all the standard LDAP hash formats specified by RFC 2307. This includes {MD5}, {SMD5}, {SHA}, {SSHA}. These schemes range from somewhat to very insecure, and should not be used except when required.

These classes all wrap the underlying hashlib implementations, and can be used directly as follows:
>>> from passlib.hash import ldap_salted_md5 as lsm
>>> # hash password
>>> hash = lsm.hash("password")
>>> hash
'{SMD5}OqsUXNHIhHbznxrqHoIM+ZT8DmE='
>>> # verify password (the same alias, lsm, is used throughout)
>>> lsm.verify("password", hash)
True
>>> lsm.verify("secret", hash)
False
See also
- password hash usage – for more usage examples
- ldap_{crypt} – LDAP {CRYPT} wrappers for common Unix hash algorithms.
- passlib.apps – for a list of premade ldap contexts.
Plain Hashes

Warning: These hashes should not be considered secure in any way, as they are nothing but raw MD5 & SHA-1 digests, which are extremely vulnerable to brute-force attacks.

class passlib.hash.ldap_md5
This class stores passwords using LDAP's plain MD5 format, and follows the PasswordHash API. The hash() and genconfig() methods have no optional keywords.

class passlib.hash.ldap_sha1
This class stores passwords using LDAP's plain SHA1 format, and follows the PasswordHash API. The hash() and genconfig() methods have no optional keywords.
Format

These hashes have the format prefix + checksum. prefix is {MD5} for ldap_md5, and {SHA} for ldap_sha1. checksum is the base64 encoding of the raw message digest of the password, using the appropriate digest algorithm.

An example ldap_md5 hash (of "password") is {MD5}X03MO1qnZdYdgyfeuILPmQ==.

An example ldap_sha1 hash (of "password") is {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=.
Salted Hashes

class passlib.hash.ldap_salted_md5
This class stores passwords using LDAP's salted MD5 format, and follows the PasswordHash API. It supports a 4-16 byte salt. The using() method accepts the following optional keywords:
Parameters:
- salt (bytes) – Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string.
- salt_size (int) – Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16.
- relaxed (bool) – By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long. New in version 1.6.
Changed in version 1.6: This format now supports variable length salts, instead of a fixed 4 bytes.

class passlib.hash.ldap_salted_sha1
This class stores passwords using LDAP's "Salted SHA1" format, and follows the PasswordHash API. It supports a 4-16 byte salt. The using() method accepts the following optional keywords:
Parameters:
- salt (bytes) – Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string.
- salt_size (int) – Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16.
- relaxed (bool) – By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long. New in version 1.6.
Changed in version 1.6: This format now supports variable length salts, instead of a fixed 4 bytes.

class passlib.hash.ldap_salted_sha256
This class stores passwords using LDAP's "Salted SHA2-256" format, and follows the PasswordHash API. It supports a 4-16 byte salt. The using() method accepts the following optional keywords:
Parameters:
- salt (bytes) – Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string.
- salt_size (int) – Optional number of bytes to use when autogenerating new salts. Defaults to 8 bytes for compatibility with the LDAP spec, but Passlib supports any value between 4-16.
- relaxed (bool) – By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long.
New in version 1.7.3.

class passlib.hash.ldap_salted_sha512
This class stores passwords using LDAP's "Salted SHA2-512" format, and follows the PasswordHash API. It supports a 4-16 byte salt. The using() method accepts the following optional keywords:
Parameters:
- salt (bytes) – Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string.
- salt_size (int) – Optional number of bytes to use when autogenerating new salts. Defaults to 8 bytes for compatibility with the LDAP spec, but Passlib supports any value between 4-16.
- relaxed (bool) – By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long.
New in version 1.7.3.
Format

These hashes have the format prefix + data. prefix is {SMD5} for ldap_salted_md5, and {SSHA} for ldap_salted_sha1. data is the base64 encoding of checksum + salt; and in turn salt is a multi-byte binary salt, and checksum is the raw digest of the string password + salt, using the appropriate digest algorithm.

An example hash (of "password") is {SMD5}jNoSMNY0cybfuBWiaGlFw3Mfi/U=. After decoding, this results in a raw salt string s\x1f\x8b\xf5, and a raw MD5 checksum of \x8c\xda\x120\xd64s&\xdf\xb8\x15\xa2hiE\xc3.

An example hash (of "password") is {SSHA}pKqkNr1tq3wtQqk+UcPyA3HnA2NsU5NJ. After decoding, this results in a raw salt string lS\x93I, and a raw SHA1 checksum of \xa4\xaa\xa46\xbdm\xab|-B\xa9>Q\xc3\xf2\x03q\xe7\x03c.
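As an added worked example (not passlib's own code), the layouts described in both Format sections above can be handled with hashlib alone: the functions below split a {MD5}, {SHA}, {SMD5}, {SSHA}, {SSHA256} or {SSHA512} string into digest and salt, recompute digest(password + salt) to verify, and generate new strings with a random salt. The 4-16 byte salt bound mirrors the Passlib limits stated above; the SCHEMES table and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import os
import re

# RFC 2307 prefix -> (hashlib algorithm, whether a salt trails the digest)
SCHEMES = {
    "MD5": ("md5", False),
    "SHA": ("sha1", False),
    "SMD5": ("md5", True),
    "SSHA": ("sha1", True),
    "SSHA256": ("sha256", True),
    "SSHA512": ("sha512", True),
}
_PREFIX = re.compile(r"^\{([A-Z0-9]+)\}([A-Za-z0-9+/=]+)$")


def parse(ldap_hash):
    """Return (algorithm, raw digest, raw salt) for an RFC 2307 digest string.
    No salt length is stored: the salt is whatever trails the fixed-size digest.
    """
    m = _PREFIX.match(ldap_hash)
    if not m or m.group(1) not in SCHEMES:
        raise ValueError("not a supported RFC 2307 digest")
    algo, salted = SCHEMES[m.group(1)]
    data = base64.b64decode(m.group(2), validate=True)
    size = hashlib.new(algo).digest_size
    digest, salt = data[:size], data[size:]
    # Reject truncated digests, out-of-range salts, or bytes after an unsalted digest.
    if len(digest) != size or (salted and not 4 <= len(salt) <= 16) \
            or (not salted and salt):
        raise ValueError("malformed checksum/salt for %s" % m.group(1))
    return algo, digest, salt


def verify(password, ldap_hash):
    """Recompute digest(password + salt) and compare in constant time."""
    algo, digest, salt = parse(ldap_hash)
    candidate = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def make_hash(password, scheme="SSHA", salt_size=4):
    """Encode {SCHEME}base64(digest + salt); salt_size=4 matches OpenLDAP."""
    algo, salted = SCHEMES[scheme]
    salt = os.urandom(salt_size) if salted else b""
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))
```

Running verify() against the example strings from both Format sections returns True for "password", and parse() yields exactly the salt bytes quoted above.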
Security Issues

The LDAP salted hashes should not be considered very secure.
- They use only a single round of digests with known collision and pre-image attacks (SHA1 & MD5).
- They currently use only 32 bits of entropy in their salt, which is only borderline sufficient to defeat rainbow tables, and cannot (portably) be increased.
- The SHA2 salted hashes (SSHA256, SSHA512) are only marginally better: they use the newer SHA2 hash, and 64 bits of entropy in their salt.
Plaintext

class passlib.hash.ldap_plaintext
This class stores passwords in plaintext, and follows the PasswordHash API. This class acts much like the generic passlib.hash.plaintext handler, except that it will identify a hash only if it does NOT begin with the {XXX} identifier prefix used by RFC2307 passwords. The hash(), genhash(), and verify() methods all require the following additional contextual keyword:
Parameters:
- encoding (str) – This controls the character encoding to use (defaults to utf-8). This encoding will be used to encode unicode passwords under Python 2, and decode bytes hashes under Python 3.
Changed in version 1.6: The encoding keyword was added.

This handler does not hash passwords at all; rather it encodes them into UTF-8. The only difference between this class and plaintext is that this class will NOT recognize any strings that use the {SCHEME}HASH format.
Deviations

- The salt size for the salted digests appears to vary between applications. While OpenLDAP is fixed at 4 bytes, some systems appear to use 8 or more. As of 1.6, Passlib can accept and generate strings with salts between 4-16 bytes, though various servers may differ in what they can handle.