passlib.hash.msdcc - Windows’ Domain Cached Credentials

Danger

This algorithm is not considered secure by modern standards. It should only be used when verifying existing hashes, or when interacting with applications that require this format. For new code, see the list of recommended hashes.

New in version 1.6.

This class implements the DCC (Domain Cached Credentials) hash, used by Windows to cache and verify remote credentials when the relevant server is unavailable. It is known by a number of other names, including “mscache” and “mscash” (Microsoft CAched haSH). Security wise it is not particularly strong, as it’s little more than nthash salted with a username. It was replaced by msdcc2 in Windows Vista. This class can be used directly as follows:

>>> from passlib.hash import msdcc

>>> # hash password using specified username
>>> hash = msdcc.hash("password", user="Administrator")
>>> hash
'25fd08fa89795ed54207e6e8442a6ca0'

>>> # verify correct password
>>> msdcc.verify("password", hash, user="Administrator")
True
>>> # verify correct password w/ wrong username
>>> msdcc.verify("password", hash, user="User")
False
>>> # verify incorrect password
>>> msdcc.verify("letmein", hash, user="Administrator")
False

Interface

class passlib.hash.msdcc

This class implements Microsoft’s Domain Cached Credentials password hash, and follows the PasswordHash API.

It has a fixed number of rounds, and uses the associated username as the salt.

The hash(), genhash(), and verify() methods have the following optional keywords:

Parameters:

user (str) – String containing name of user account this password is associated with. This is required to properly calculate the hash.

This keyword is case-insensitive, and should contain just the username (e.g. Administrator, not SOMEDOMAIN\Administrator).

Note that while this class outputs lower-case hexadecimal digests, it will accept upper-case digests as well.

Format & Algorithm

Much like lmhash and nthash, MS DCC hashes consist of a 16 byte digest, usually encoded as 32 hexadecimal characters. An example hash (of "password" with the account "Administrator") is 25fd08fa89795ed54207e6e8442a6ca0.

The digest is calculated as follows:

  1. The password is encoded using UTF-16-LE.
  2. The MD4 digest of step 1 is calculated. (The result of this step is identical to the nthash of the password).
  3. The unicode username is converted to lowercase, and encoded using UTF-16-LE. This should be just the plain username (e.g. User, not SOMEDOMAIN\User).
  4. The username from step 3 is appended to the digest from step 2; and the MD4 digest of the result is calculated.
  5. The result of step 4 is encoded into hexadecimal, this is the DCC hash.

Security Issues

This algorithm should not be used for any purpose besides manipulating existing DCC v1 hashes, due to the following flaws:

  • Its use of the username as a salt value (and lower-case at that), means that common usernames (e.g. Administrator) will occur more frequently as salts, weakening the effectiveness of the salt in foiling pre-computed tables.
  • The MD4 message digest has been severely compromised by collision and preimage attacks.
  • Efficient brute-force attacks on MD4 exist.
