1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
.. index::
single: Windows; Domain Cached Credentials
see: mscash; msdcc
see: mscache; msdcc
======================================================================
:class:`passlib.hash.msdcc` - Windows' Domain Cached Credentials
======================================================================
.. versionadded:: 1.6
.. warning::
This hash is not very secure, and should mainly be used to verify
existing cached credentials.
.. currentmodule:: passlib.hash
This class implements the DCC (Domain Cached Credentials) hash, used
by Windows to cache and verify remote credentials when the relevant
server is unavailable. It is known by a number of other names,
including "mscache" and "mscash" (Microsoft CAched haSH). Security wise
it is not particularly strong, as it's little more than :doc:`nthash <passlib.hash.nthash>`
salted with a username. It was replaced by :doc:`msdcc2 <passlib.hash.msdcc2>`
in Windows Vista.
This class can be used directly as follows::
>>> from passlib.hash import msdcc
>>> # encrypt password using specified username
>>> hash = msdcc.encrypt("password", user="Administrator")
>>> hash
'25fd08fa89795ed54207e6e8442a6ca0'
>>> # verify correct password
>>> msdcc.verify("password", hash, user="Administrator")
True
>>> # verify correct password w/ wrong username
>>> msdcc.verify("password", hash, user="User")
False
>>> # verify incorrect password
>>> msdcc.verify("letmein", hash, user="Administrator")
False
.. seealso::
* :ref:`password hash usage <password-hash-examples>` -- for more usage examples
* :doc:`msdcc2 <passlib.hash.msdcc2>` -- the successor to this hash
Interface
=========
.. autoclass:: msdcc()
.. rst-class:: html-toggle
Format & Algorithm
==================
Much like :class:`!lmhash` and :class:`!nthash`, MS DCC hashes
consists of a 16 byte digest, usually encoded as 32 hexidecimal characters.
An example hash (of ``"password"`` with the account ``"Administrator"``) is
``25fd08fa89795ed54207e6e8442a6ca0``.
The digest is calculated as follows:
1. The password is encoded using ``UTF-16-LE``.
2. The MD4 digest of step 1 is calculated.
(The result of this step is identical to the :class:`~passlib.hash.nthash`
of the password).
3. The unicode username is converted to lowercase,
and encoded using ``UTF-16-LE``.
This should be just the plain username (e.g. ``User``
not ``SOMEDOMAIN\\User``)
4. The username from step 3 is appended to the
digest from step 2; and the MD4 digest of the result
is calculated.
5. The result of step 4 is encoded into hexidecimal,
this is the DCC hash.
Security Issues
===============
This algorithm is should not be used for any purpose besides
manipulating existing DCC v1 hashes, due to the following flaws:
* It's use of the username as a salt value (and lower-case at that),
means that common usernames (eg ``Administrator``) will occur
more frequently as salts, weakening the effectiveness of the salt in
foiling pre-computed tables.
* The MD4 message digest has been severely compromised by collision and
preimage attacks.
* Efficient brute-force attacks on MD4 exist.
.. rubric:: Footnotes
.. [#] Description of DCC v1 algorithm -
`<http://openwall.info/wiki/john/MSCash>`_
|