passlib.hash - Password Hashing Schemes
Overview
The passlib.hash module contains all the password hash algorithms built into Passlib. While each hash has its own options and output format, they all inherit from the PasswordHash base interface. The following pages describe each hash in detail, including its format, underlying algorithm, and known security issues.
Danger
Many of the hash algorithms listed below are *NOT* secure.
Passlib supports a wide array of hash algorithms, primarily to support legacy data and systems. If you want to choose a secure algorithm for a new application, see the Quickstart Guide.
Unix Hashes
Aside from “archaic” schemes such as des_crypt, most of the password hashes supported by modern Unix flavors adhere to the modular crypt format, allowing them to be easily distinguished when used within the same file. The basic format $scheme$hash has also been adopted for use by other applications and password hash schemes.
All the following schemes are actively in use by various Unix flavors to store user passwords. They all follow the modular crypt format.
Special note should be made of the following fallback helper, which is not an actual hash scheme, but implements the “disabled account marker” found in many Linux & BSD password files:
Deprecated Unix Hashes
The following schemes are supported by various Unix systems using the modular crypt format, but are no longer considered secure, and have been deprecated in favor of the Active Unix Hashes (above).
passlib.hash.bsd_nthash - FreeBSD’s MCF-compatible encoding of nthash digests
The following schemes are supported by certain Unix systems, but are considered particularly archaic: not only do they predate the modular crypt format, but they’re based on the outmoded DES block cipher, and are woefully insecure:
Other “Modular Crypt” Hashes
The modular crypt format is a loose standard for password hash strings which started life under the Unix operating system, and is used by many of the Unix hashes (above). However, its basic $scheme$hash format has also been adopted by a number of application-specific hash algorithms:
While most of these schemes generally require an application-specific implementation, and are not natively used by any Unix flavor to store user passwords, they can be used compatibly alongside other modular crypt format hashes:
Deprecated Hashes
The following are some additional application-specific hashes which are still occasionally seen and use the modular crypt format, but are rarely used or weak enough that they have been deprecated:
LDAP / RFC2307 Hashes
All of the following hashes use a variant of the password hash format used by LDAPv2. Originally specified in RFC 2307 and used by OpenLDAP [1], the basic format {SCHEME}HASH has seen widespread adoption in a number of programs.
The following schemes are used by various SQL databases to encode their own user accounts. These schemes have encoding and contextual requirements not seen outside those specific contexts:
MS Windows Hashes
The following hashes are used in various places by Microsoft Windows. As they were designed for “internal” use, they generally contain no identifying markers; identifying them is pretty much context-dependent.
Cisco Hashes
Cisco IOS
The following hashes are used in various places on Cisco IOS, and are usually referred to by a Cisco-assigned “type” code:
Cisco PIX & ASA
Separately from this, Cisco PIX & ASA firewalls have their own hash formats, generally identified by the “format” parameter in the username user password hash format config line they occur in. The following are known & handled by passlib:
passlib.hash.nthash, except that they use base64 encoding rather than hexadecimal.
The following schemes are used in various contexts, but have formats or uses which cannot be easily placed in one of the above categories:
Footnotes