passlib.hash.sun_md5_crypt
- Sun MD5 Crypt¶
This algorithm was developed by Alec Muffett [1] for Solaris, as a replacement for the aging des_crypt
.
It was introduced in Solaris 9u2. While based on the MD5 message digest, it has very little at all
in common with the md5_crypt
algorithm. It supports
32 bit variable rounds and an 8 character salt.
See also
password hash usage – for examples of how to use this class via the common hash interface.
Note
The original Solaris implementation has some hash encoding quirks which may not be properly accounted for in Passlib. Until more user feedback and sample hashes have been gathered, caveat emptor.
Interface¶
-
class
passlib.hash.
sun_md5_crypt
¶ This class implements the Sun-MD5-Crypt password hash, and follows the PasswordHash API.
It supports a variable-length salt, and a variable number of rounds.
The
using()
method accepts the following optional keywords:Parameters: - salt (str) – Optional salt string.
If not specified, a salt will be autogenerated (this is recommended).
If specified, it must be drawn from the regexp range
[./0-9A-Za-z]
. - salt_size (int) – If no salt is specified, this parameter can be used to specify the size (in characters) of the autogenerated salt. It currently defaults to 8.
- rounds (int) – Optional number of rounds to use. Defaults to 34000, must be between 0 and 4294963199, inclusive.
- bare_salt (bool) – Optional flag used to enable an alternate salt digest behavior
used by some hash strings in this scheme.
This flag can be ignored by most users.
Defaults to
False
. (see Bare Salt Issue for details). - relaxed (bool) –
By default, providing an invalid value for one of the other keywords will result in a
ValueError
. Ifrelaxed=True
, and the error can be corrected, aPasslibHashWarning
will be issued instead. Correctable errors includerounds
that are too small or too large, andsalt
strings that are too long.New in version 1.6.
- salt (str) – Optional salt string.
If not specified, a salt will be autogenerated (this is recommended).
If specified, it must be drawn from the regexp range
Format¶
An example hash (of passwd
) is $md5,rounds=5000$GUBv0xjJ$$mSwgIswdjlTY0YxV7HBVm0
.
A sun-md5-crypt hash string has the format $md5,rounds=rounds$salt$$checksum
, where:
$md5,
is the prefix used to identify the hash.rounds
is the decimal number of rounds to use (5000 in the example).salt
is 0-8 salt characters drawn from[./0-9A-Za-z]
(GUBv0xjJ
in the example).checksum
is 22 characters drawn from the same set, encoding a 128-bit checksum (mSwgIswdjlTY0YxV7HBVm0
in the example).
An alternate format, $md5$salt$$checksum
is used when the rounds value is 0.
There also exists some hashes which have only a single $
between the
salt and the checksum; these have a slightly different checksum calculation
(see Bare Salt Issue for details).
Note
Solaris seems to deviate from the Modular Crypt Format in that
it considers ,
to indicate the end of the identifier
in addition to $
.
Algorithm¶
Deviations¶
Passlib’s implementation of Sun-MD5-Crypt deliberately deviates from the official implementation in the following ways:
Unicode Policy:
The underlying algorithm takes in a password specified as a series of non-null bytes, and does not specify what encoding should be used; though a
us-ascii
compatible encoding is implied by all known reference hashes.In order to provide support for unicode strings, Passlib will encode unicode passwords using
utf-8
before running them through sun-md5-crypt. If a different encoding is desired by an application, the password should be encoded before handing it to Passlib.Rounds encoding
The underlying scheme implicitly allows rounds to have zero padding (e.g.
$md5,rounds=001$abc$
), and also allows 0 rounds to be specified two ways ($md5$abc$
and$md5,rounds=0$abc$
). Allowing either of these would result in multiple possible checksums for the same password & salt. To prevent ambiguity, Passlib will throw aValueError
if the rounds value is zero-padded, or specified explicitly as 0 (e.g.$md5,rounds=0$abc$
).
Given the lack of documentation, lack of test vectors, and known bugs which accompany the original Solaris implementation, Passlib may not accurately be able to generate and verify all hashes encountered in a Solaris environment. Issues of concern include:
- Some hashes found on the web use a
$
in place of the,
. It is unclear whether this is an accepted alternate format or just a typo, nor whether this is supposed to affect the checksum in the resulting hash string. - The current implementation needs addition test vectors; especially ones which contain an explicitly specific number of rounds.
- More information is needed about the parsing / formatting issue described in the Bare Salt Issue section.
Footnotes
[1] | (1, 2) Overview of & motivations for the algorithm - http://dropsafe.crypticide.com/article/1389 |
[2] | The source of Hamlet’s speech, used byte-for-byte as the constant data - http://www.ibiblio.org/pub/docs/books/gutenberg/etext98/2ws2610.txt |