passlib.hash - Password Hashing Schemes

Overview

The passlib.hash module contains all the password hash algorithms built into Passlib. While each hash has its own options and output format, they all inherit from the PasswordHash base interface. The following pages describe each hash in detail, including its format, underlying algorithm, and known security issues.

Danger

Many of the hash algorithms listed below are *NOT* secure.

Passlib supports a wide array of hash algorithms, primarily to support dealing with legacy data and systems.

If you’re looking to choose a hash algorithm for a new application, see the Quickstart Guide instead of picking one from this list.

See also

PasswordHash Tutorial – for general usage examples

Unix Hashes

Aside from “archaic” schemes such as des_crypt, most of the password hashes supported by modern Unix flavors adhere to the modular crypt format, allowing them to be easily distinguished when used within the same file. The basic $scheme$hash format has also been adopted for use by other applications and password hash schemes.

Active Unix Hashes

All these schemes are actively in use by various Unix flavors to store user passwords. They all follow the modular crypt format.

Special note should be made of the following fallback helper, which is not an actual hash scheme, but implements the “disabled account marker” found in many Linux & BSD password files:
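As an added illustration of the two points above (the $scheme$hash prefix that lets modular crypt format hashes be told apart within one file, and the disabled-account marker that is not itself a hash), the following is example code written for this page, not part of Passlib. The scheme table is a deliberately partial set of well-known identifiers, the disabled markers are the ones commonly found in shadow-style files, and the sample lines are constructed:

```python
"""Identify password fields from a Unix shadow-style file by prefix.

Example code added for this page (not Passlib's own implementation).
Assumptions: the MCF_SCHEMES table is partial, and DISABLED_MARKERS covers
the "!" and "*" conventions used by common Linux/BSD password files.
"""
import re
from typing import Dict, List

# Well-known modular crypt format identifiers (partial table, assumed here).
MCF_SCHEMES = {
    "1": "md5_crypt",
    "2a": "bcrypt",
    "2b": "bcrypt",
    "5": "sha256_crypt",
    "6": "sha512_crypt",
}

# Leading characters that mark an account as disabled/locked rather than
# holding a usable hash. A locked account often keeps the original hash
# after the marker (e.g. "!$6$...") so it can be re-enabled later.
DISABLED_MARKERS = ("!", "*")

_MCF_RE = re.compile(r"^\$(?P<id>[A-Za-z0-9]+)\$(?P<rest>.*)$", re.DOTALL)
_DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional 13-char des_crypt


def identify_hash(field: str) -> dict:
    """Classify one password field without verifying anything."""
    if field == "":
        return {"kind": "empty"}
    if field[0] in DISABLED_MARKERS:
        return {"kind": "disabled", "marker": field[0], "remainder": field[1:]}
    m = _MCF_RE.match(field)
    if m:
        ident = m.group("id")
        # Everything after the identifier is scheme-specific (params, salt, digest).
        params = m.group("rest").split("$")
        return {
            "kind": "mcf",
            "id": ident,
            "scheme": MCF_SCHEMES.get(ident, "unknown"),
            "params": params,
        }
    if _DES_RE.match(field):
        # No prefix at all: predates the modular crypt format.
        return {"kind": "des_crypt"}
    return {"kind": "unknown"}


def classify_shadow_lines(lines: List[str]) -> Dict[str, str]:
    """Map user name -> classification for "user:field:..." lines."""
    result = {}
    for line in lines:
        user, field = line.split(":", 2)[:2]
        info = identify_hash(field)
        result[user] = info.get("scheme", info["kind"])
    return result


# Constructed sample lines in shadow(5) layout; hashes are placeholders.
SAMPLE_SHADOW = [
    "root:$6$rounds=5000$saltsalt$placeholderhash:19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
    "alice:!$5$saltsalt$placeholderhash:19000:0:99999:7:::",
    "legacy:abJnggxhB/yWI:19000:0:99999:7:::",
]

if __name__ == "__main__":
    for user, scheme in classify_shadow_lines(SAMPLE_SHADOW).items():
        print(f"{user:8} {scheme}")
```

Running it reports one label per account; note that a locked account such as `alice` is reported as `disabled` even though a full sha256_crypt string follows the marker, which is exactly why a file scanner needs the marker check before the prefix check.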

Deprecated Unix Hashes

The following schemes, supported by various Unix systems, use the modular crypt format and are noticeably stronger than the previous group. However, they have all since been deprecated in favor of stronger algorithms:

Archaic Unix Hashes

The following schemes are supported by certain Unix systems, but are considered particularly archaic: Not only do they predate the modular crypt format, but they’re based on the outmoded DES block cipher, and are woefully insecure:

Other “Modular Crypt” Hashes

The modular crypt format is a loose standard for password hash strings which started life under the Unix operating system, and is used by many of the Unix hashes (above). However, its basic $scheme$hash format has also been adopted by a number of application-specific hash algorithms:

Active Hashes

While most of these schemes are application-specific implementations rather than hashes any Unix flavor uses natively to store user passwords, they can be used compatibly alongside other modular crypt format hashes:

Deprecated Hashes

The following are some additional application-specific hashes which use the modular crypt format and are still occasionally seen, but are rare or weak enough that they have been deprecated:

LDAP / RFC2307 Hashes

All of the following hashes use a variant of the password hash format used by LDAPv2. Originally specified in RFC 2307 and used by OpenLDAP [1], the basic format {SCHEME}HASH has seen widespread adoption in a number of programs.

Standard LDAP Schemes

The following schemes are explicitly defined by RFC 2307, and are supported by OpenLDAP.
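To make the {SCHEME}HASH format concrete, here is example code written for this page (not Passlib's or OpenLDAP's implementation) that generates and verifies the {SHA} and {SSHA} schemes following the OpenLDAP convention: {SHA} is base64(sha1(password)) and {SSHA} is base64(sha1(password + salt) + salt), with the salt stored after the 20-byte digest. The 4-byte salt length is an assumption of this example:

```python
"""Generate and verify RFC 2307-style {SCHEME}HASH strings.

Example code added for this page, not Passlib code. Covers {SHA} and
{SSHA} using the OpenLDAP layout: for {SSHA}, the base64 payload is the
20-byte SHA-1 digest followed by the salt. Salt length (4 bytes) is an
assumption here.
"""
import base64
import hashlib
import hmac
import os
import re
from typing import Optional, Tuple

_LDAP_RE = re.compile(r"^\{(?P<scheme>[A-Za-z0-9-]+)\}(?P<data>.+)$")
SHA1_DIGEST_LEN = 20


def split_ldap_hash(stored: str) -> Tuple[str, str]:
    """Return (SCHEME, base64 payload) or raise if not in {SCHEME}HASH form."""
    m = _LDAP_RE.match(stored)
    if not m:
        raise ValueError("not an LDAP-style hash string")
    return m.group("scheme").upper(), m.group("data")


def ldap_sha(password: str) -> str:
    """Unsalted {SHA}: base64(sha1(password))."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def ldap_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Salted {SSHA}: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # assumed salt length
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ldap(password: str, stored: str) -> bool:
    """Check a candidate password against a {SHA} or {SSHA} string."""
    scheme, data = split_ldap_hash(stored)
    raw = base64.b64decode(data)
    pw = password.encode("utf-8")
    if scheme == "SHA":
        return hmac.compare_digest(raw, hashlib.sha1(pw).digest())
    if scheme == "SSHA":
        # The salt is whatever follows the fixed-length digest.
        digest, salt = raw[:SHA1_DIGEST_LEN], raw[SHA1_DIGEST_LEN:]
        return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())
    raise ValueError(f"unsupported scheme {{{scheme}}}")


if __name__ == "__main__":
    # Constructed demo values; "password" is only used to show the format.
    print(ldap_sha("password"))
    stored = ldap_ssha("password", salt=b"abcd")
    print(stored, verify_ldap("password", stored), verify_ldap("wrong", stored))
```

The comparison uses `hmac.compare_digest` so that verification time does not leak how many leading bytes matched. Both schemes are single-round SHA-1 with no work factor, which is why this page groups them as legacy formats to read rather than as choices for new applications.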

Non-Standard LDAP Schemes

None of the following schemes are actually used by LDAP, but follow the LDAP format:

MS Windows Hashes

The following hashes are used in various places by Microsoft Windows. As they were designed for “internal” use, they generally contain no identifying markers, so identifying them is pretty much context-dependent.

Cisco Hashes

The following hashes are used in various places on Cisco IOS and ASA devices:

  • Cisco “Type 5” hashes - these are the same as md5_crypt

Other Hashes

The following schemes are used in various contexts, but have formats or uses which cannot be easily placed in one of the above categories:

Footnotes

[1] OpenLDAP homepage - http://www.openldap.org/.