The Passlib documentation has moved to https://passlib.readthedocs.io

passlib.hash.nthash - Windows’ NT-HASH

Danger

This algorithm is dangerously insecure by modern standards. It is trivially broken, and should not be used if at all possible. For new code, see the list of recommended hashes.

New in version 1.6.

This class implements the NT-HASH algorithm, used by Microsoft Windows NT and successors to store user account passwords, supplanting the much weaker lmhash algorithm. This class can be used directly as follows:

>>> from passlib.hash import nthash

>>> # hash password
>>> h = nthash.hash("password")
>>> h
'8846f7eaee8fb117ad06bdd830b7586c'

>>> # verify password
>>> nthash.verify("password", h)
True
>>> nthash.verify("secret", h)
False

See also

the generic PasswordHash usage examples

Interface

class passlib.hash.nthash

This class implements the NT Password hash, and follows the PasswordHash API.

It has no salt and a single fixed round.

The hash() and genconfig() methods accept no optional keywords.

Note that while this class outputs lower-case hexadecimal digests, it will accept upper-case digests as well.

Format & Algorithm

An nthash consists of 32 hexadecimal digits, which encode the digest. An example hash (of the string "password") is 8846f7eaee8fb117ad06bdd830b7586c.

The digest is calculated by encoding the secret using UTF-16-LE, taking the MD4 digest, and then encoding that as hexadecimal.

FreeBSD Variant

For cross-compatibility, FreeBSD’s crypt() supports storing NTHASH digests in a manner compatible with the Modular Crypt Format, so that administrators can store user passwords in a form usable with the SMB/CIFS protocol. This is accomplished by assigning NTHASH digests the identifier $3$, and prepending the identifier to the normal (lowercase) NTHASH digest. An example digest (of the string "password") is $3$$8846f7eaee8fb117ad06bdd830b7586c (note the doubled $$).

passlib.hash.bsd_nthash

This object supports FreeBSD’s representation of NTHASH (which is compatible with the Modular Crypt Format), and follows the PasswordHash API.

It has no salt and a single fixed round.

The hash() and genconfig() methods accept no optional keywords.

Changed in version 1.6: This hash was named nthash under previous releases of Passlib.

Security Issues

This algorithm should be considered completely broken:

  • It has no salt.
  • The MD4 message digest has been severely compromised by collision and preimage attacks.
  • Brute-force and pre-computed attacks exist targeting MD4 hashes in general, and the encoding used by NTHASH in particular.