File: passlib.hash.ldap_std.rst

package info (click to toggle)
python-passlib 1.7.4-6
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 3,920 kB
  • sloc: python: 23,094; makefile: 3
file content (127 lines) | stat: -rw-r--r-- 4,405 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
 
=============================================================
:samp:`passlib.hash.ldap_{digest}` - RFC2307 Standard Digests
=============================================================

.. currentmodule:: passlib.hash

Passlib provides support for all the standard
LDAP hash formats specified by :rfc:`2307`.
This includes ``{MD5}``, ``{SMD5}``, ``{SHA}``, ``{SSHA}``.
These schemes range from somewhat to very insecure,
and should not be used except when required.
These classes all wrap the underlying hashlib implementations,
and are can be used directly as follows::

    >>> from passlib.hash import ldap_salted_md5 as lsm

    >>> # hash password
    >>> hash = lsm.hash("password")
    >>> hash
    '{SMD5}OqsUXNHIhHbznxrqHoIM+ZT8DmE='

    >>> # verify password
    >>> lms.verify("password", hash)
    True
    >>> lms.verify("secret", hash)
    False

.. seealso::

    * :ref:`password hash usage <password-hash-examples>` -- for more usage examples

    * :doc:`ldap_{crypt} <passlib.hash.ldap_crypt>` --
      LDAP ``{CRYPT}`` wrappers for common Unix hash algorithms.

    * :mod:`passlib.apps` -- for a list of :ref:`premade ldap contexts <ldap-contexts>`.

Plain Hashes
============
.. warning::

    These hashes should not be considered secure in any way,
    as they are nothing but raw MD5 & SHA-1 digests,
    which are extremely vulnerable to brute-force attacks.

.. autoclass:: ldap_md5()
.. autoclass:: ldap_sha1()

Format
------

These hashes have the format :samp:`{prefix}{checksum}`.

* :samp:`{prefix}` is ``{MD5}`` for ldap_md5, and ``{SHA}`` for ldap_sha1.
* :samp:`{checksum}` is the base64 encoding
  of the raw message digest of the password,
  using the appropriate digest algorithm.

An example ldap_md5 hash (of ``password``) is ``{MD5}X03MO1qnZdYdgyfeuILPmQ==``.
An example ldap_sha1 hash (of ``password``) is ``{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=``.

Salted Hashes
=============
.. autoclass:: ldap_salted_md5()
.. autoclass:: ldap_salted_sha1()
.. autoclass:: ldap_salted_sha256()
.. autoclass:: ldap_salted_sha512()

These hashes have the format :samp:`{prefix}{data}`.

* :samp:`{prefix}` is ``{SMD5}`` for ldap_salted_md5,
  and ``{SSHA}`` for ldap_salted_sha1.
* :samp:`{data}` is the base64 encoding of :samp:`{checksum}{salt}`;
  and in turn :samp:`{salt}` is a multi-byte binary salt,
  and :samp:`{checksum}` is the raw digest of the
  the string :samp:`{password}{salt}`,
  using the appropriate digest algorithm.

Format
------

An example hash (of ``password``) is ``{SMD5}jNoSMNY0cybfuBWiaGlFw3Mfi/U=``.
After decoding, this results in a raw salt string ``s\x1f\x8b\xf5``,
and a raw MD5 checksum of ``\x8c\xda\x120\xd64s&\xdf\xb8\x15\xa2hiE\xc3``.

An example hash (of ``password``) is ``{SSHA}pKqkNr1tq3wtQqk+UcPyA3HnA2NsU5NJ``.
After decoding, this results in a raw salt string ``lS\x93I``,
and a raw SHA1 checksum of ``\xa4\xaa\xa46\xbdm\xab|-B\xa9>Q\xc3\xf2\x03q\xe7\x03c``.

Security Issues
---------------
The LDAP salted hashes should not be considered very secure.

* They use only a single round of digests with known collision
  and pre-image attacks (SHA1 & MD5).

* They currently use only 32 bits of entropy in their salt,
  which is only borderline sufficient to defeat rainbow tables,
  and cannot (portably) be increased.

* The SHA2 salted hashes (SSHA256, SSHA512) are only marginally better.
  they use the newer SHA2 hash; and 64 bits of entropy in their salt.

Plaintext
=========
.. autoclass:: ldap_plaintext()

This handler does not hash passwords at all,
rather it encoded them into UTF-8.
The only difference between this class and :class:`~passlib.hash.plaintext`
is that this class will NOT recognize any strings that use
the ``{SCHEME}HASH`` format.

Deviations
==========

* The salt size for the salted digests appears to vary between applications.
  While OpenLDAP is fixed at 4 bytes, some systems appear to use 8 or more.
  As of 1.6, Passlib can accept and generate strings with salts between 4-16 bytes,
  though various servers may differ in what they can handle.

.. rubric:: Footnotes

.. [#pwd] The manpage for :command:`slappasswd` - `<http://gd.tuwien.ac.at/linuxcommand.org/man_pages/slappasswd8.html>`_.

.. [#rfc] The basic format for these hashes is laid out in RFC 2307 - `<http://www.ietf.org/rfc/rfc2307.txt>`_

.. [#] OpenLDAP hash documentation - `<http://www.openldap.org/doc/admin24/security.html>`_