The Passlib documentation has moved to https://passlib.readthedocs.io
passlib.hash.apr_md5_crypt
- Apache’s MD5-Crypt variant¶
Danger
This algorithm is not considered secure by modern standards. It should only be used when verifying existing hashes, or when interacting with applications that require this format. For new code, see the list of recommended hashes.
This hash is a variation of md5_crypt
,
primarily used by the Apache webserver in htpasswd
files.
It contains only minor changes to the MD5-Crypt algorithm,
and should be considered just as weak as MD5-Crypt itself.
See also
- password hash usage – for examples of how to use this class via the common hash interface.
passlib.apache
– routines for manipulatinghtpasswd
files.
Interface¶
-
class
passlib.hash.
apr_md5_crypt
¶ This class implements the Apr-MD5-Crypt password hash, and follows the PasswordHash API.
It supports a variable-length salt.
The
using()
method accepts the following optional keywords:Parameters: - salt (str) – Optional salt string.
If not specified, one will be autogenerated (this is recommended).
If specified, it must be 0-8 characters, drawn from the regexp range
[./0-9A-Za-z]
. - relaxed (bool) –
By default, providing an invalid value for one of the other keywords will result in a
ValueError
. Ifrelaxed=True
, and the error can be corrected, aPasslibHashWarning
will be issued instead. Correctable errors includesalt
strings that are too long.New in version 1.6.
- salt (str) – Optional salt string.
If not specified, one will be autogenerated (this is recommended).
If specified, it must be 0-8 characters, drawn from the regexp range
Format & Algorithm¶
This format and algorithm of Apache’s MD5-Crypt is identical to the original MD5-Crypt, except for two changes:
- The encoded string uses
$apr1$
as its prefix, while md5-crypt uses$1$
. - The algorithm uses
$apr1$
as a constant in the step where md5-crypt uses$1$
in its calculation of digest B (see the md5-crypt algorithm). Because of this change, even raw checksums generated by apr-md5-crypt and md5-crypt are not compatible with each other.
See md5_crypt for the format & algorithm descriptions, as well as security notes.
Footnotes
[1] | Apache’s description of Apr-MD5-Crypt - http://httpd.apache.org/docs/2.2/misc/password_encryptions.html |