passlib.hash.ldap_digest - RFC2307 Standard Digests¶
Passlib provides support for all the standard LDAP hash formats specified by RFC 2307. This includes {MD5}, {SMD5}, {SHA}, {SSHA}. These schemes range from somewhat to very insecure, and should not be used except when required. These classes all wrap the underlying hashlib implementations, and are can be used directly as follows:
>>> from passlib.hash import ldap_salted_md5 as lsm
>>> # encrypt password
>>> hash = lsm.encrypt("password")
>>> hash
'{SMD5}OqsUXNHIhHbznxrqHoIM+ZT8DmE='
>>> # verify password
>>> lms.verify("password", hash)
True
>>> lms.verify("secret", hash)
False
See also
- password hash usage – for more usage examples
- ldap_{crypt} – LDAP {CRYPT} wrappers for common Unix hash algorithms.
- passlib.apps – for a list of premade ldap contexts.
Plain Hashes¶
Warning
These hashes should be considered secure in any manner, as they are nothing but raw MD5 & SHA-1 digests, which are extremely vulnerable to brute-force attacks.
- class passlib.hash.ldap_md5¶
This class stores passwords using LDAP’s plain MD5 format, and follows the Password Hash Interface.
The encrypt() and genconfig() methods have no optional keywords.
- class passlib.hash.ldap_sha1¶
This class stores passwords using LDAP’s plain SHA1 format, and follows the Password Hash Interface.
The encrypt() and genconfig() methods have no optional keywords.
Format¶
These hashes have the format prefixchecksum.
- prefix is {MD5} for ldap_md5, and {SHA} for ldap_sha1.
- checksum is the base64 encoding of the raw message digest of the password, using the appropriate digest algorithm.
An example ldap_md5 hash (of password) is {MD5}X03MO1qnZdYdgyfeuILPmQ==. An example ldap_sha1 hash (of password) is {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=.
Salted Hashes¶
- class passlib.hash.ldap_salted_md5¶
This class stores passwords using LDAP’s salted MD5 format, and follows the Password Hash Interface.
It supports a 4-16 byte salt.
The encrypt() and genconfig() methods accept the following optional keyword:
Parameters: - salt (bytes) – Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string.
- salt_size (int) – Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16.
- relaxed (bool) –
By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long.
New in version 1.6.
Changed in version 1.6: This format now supports variable length salts, instead of a fix 4 bytes.
- class passlib.hash.ldap_salted_sha1¶
This class stores passwords using LDAP’s salted SHA1 format, and follows the Password Hash Interface.
It supports a 4-16 byte salt.
The encrypt() and genconfig() methods accept the following optional keyword:
Parameters: - salt (bytes) – Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it may be any 4-16 byte string.
- salt_size (int) – Optional number of bytes to use when autogenerating new salts. Defaults to 4 bytes for compatibility with the LDAP spec, but some systems use larger salts, and Passlib supports any value between 4-16.
- relaxed (bool) –
By default, providing an invalid value for one of the other keywords will result in a ValueError. If relaxed=True, and the error can be corrected, a PasslibHashWarning will be issued instead. Correctable errors include salt strings that are too long.
New in version 1.6.
Changed in version 1.6: This format now supports variable length salts, instead of a fix 4 bytes.
These hashes have the format prefixdata.
- prefix is {SMD5} for ldap_salted_md5, and {SSHA} for ldap_salted_sha1.
- data is the base64 encoding of checksumsalt; and in turn salt is a multi-byte binary salt, and checksum is the raw digest of the the string passwordsalt, using the appropriate digest algorithm.
Format¶
An example hash (of password) is {SMD5}jNoSMNY0cybfuBWiaGlFw3Mfi/U=. After decoding, this results in a raw salt string s\x1f\x8b\xf5, and a raw MD5 checksum of \x8c\xda\x120\xd64s&\xdf\xb8\x15\xa2hiE\xc3.
An example hash (of password) is {SSHA}pKqkNr1tq3wtQqk+UcPyA3HnA2NsU5NJ. After decoding, this results in a raw salt string lS\x93I, and a raw SHA1 checksum of \xa4\xaa\xa46\xbdm\xab|-B\xa9>Q\xc3\xf2\x03q\xe7\x03c.
Security Issues¶
The LDAP salted hashes should not be considered very secure.
- They use only a single round of digests with known collision and pre-image attacks (SHA1 & MD5).
- They currently use only 32 bits of entropy in their salt, which is only borderline sufficient to defeat rainbow tables, and cannot (portably) be increased.
Plaintext¶
- class passlib.hash.ldap_plaintext¶
This class stores passwords in plaintext, and follows the Password Hash Interface.
This class acts much like the generic passlib.hash.plaintext handler, except that it will identify a hash only if it does NOT begin with the {XXX} identifier prefix used by RFC2307 passwords.
The encrypt(), genhash(), and verify() methods all require the following additional contextual keyword:
Parameters: encoding (str) – This controls the character encoding to use (defaults to utf-8).
This encoding will be used to encode unicode passwords under Python 2, and decode bytes hashes under Python 3.
Changed in version 1.6: The encoding keyword was added.
This handler does not hash passwords at all, rather it encoded them into UTF-8. The only difference between this class and plaintext is that this class will NOT recognize any strings that use the {SCHEME}HASH format.
Deviations¶
- The salt size for the salted digests appears to vary between applications. While OpenLDAP is fixed at 4 bytes, some systems appear to use 8 or more. As of 1.6, Passlib can accept and generate strings with salts between 4-16 bytes, though various servers may differ in what they can handle.
Footnotes
| [1] | The manpage for slappasswd - http://gd.tuwien.ac.at/linuxcommand.org/man_pages/slappasswd8.html. |
| [2] | The basic format for these hashes is laid out in RFC 2307 - http://www.ietf.org/rfc/rfc2307.txt |
| [3] | OpenLDAP hash documentation - http://www.openldap.org/doc/admin24/security.html |
