1Authen::Passphrase::VMSUPsuerrdyC(o3n)tributed Perl DocuAmuetnhteant:i:oPnassphrase::VMSPurdy(3)
2
3
4

NAME

6       Authen::Passphrase::VMSPurdy - passphrases with the VMS Purdy
7       polynomial system
8

SYNOPSIS

10               use Authen::Passphrase::VMSPurdy;
11
12               $ppr = Authen::Passphrase::VMSPurdy->new(
13                               username => "jrandom", salt => 25362,
14                               hash_hex => "832a0c270179584a");
15
16               $ppr = Authen::Passphrase::VMSPurdy->new(
17                               username => "jrandom", salt_random => 1,
18                               passphrase => "passphrase");
19
20               $ppr = Authen::Passphrase::VMSPurdy->from_crypt(
21                       '$VMS3$1263832A0C270179584AJRANDOM');
22
23               $ppr = Authen::Passphrase::VMSPurdy->from_rfc2307(
24                       '{CRYPT}$VMS3$1263832A0C270179584AJRANDOM');
25
26               $algorithm = $ppr->algorithm;
27               $username = $ppr->username;
28               $salt = $ppr->salt;
29               $hash = $ppr->hash;
30               $hash_hex = $ppr->hash_hex;
31
32               if($ppr->match($passphrase)) { ...
33
34               $passwd = $ppr->as_crypt;
35               $userPassword = $ppr->as_rfc2307;
36

DESCRIPTION

38       An object of this class encapsulates a passphrase hashed using one of
39       the Purdy polynomial hash functions used in VMS.  This is a subclass of
40       Authen::Passphrase, and this document assumes that the reader is
41       familiar with the documentation for that class.
42
43       The core of the Purdy polynomial hashing algorithm transforms one
44       64-bit number into another 64-bit number.  It was developed by George
45       B. Purdy, and described in the paper "A High Security Log-in Procedure"
46       which can be found at
47       <http://portal.acm.org/citation.cfm?id=361089&dl=GUIDE&coll=ACM&CFID=15151515&CFTOKEN=6184618>.
48
49       For practical use in passphrase hashing, the Purdy polynomial must be
50       augmented by a procedure to turn a variable-length passphrase into the
51       initial 64-bit number to be hashed.  In VMS this pre-hashing phase also
52       incorporates the username of the account to which access is being
53       controlled, in order to prevent identical passphrases yielding
54       identical hashes.  This is a form of salting.  Another salt parameter,
55       a 16-bit integer, is also included, this one going under the name
56       "salt".
57
58       There are three variants of the pre-hashing algorithm.  The original
59       version, known as "PURDY" and used during field testing of VMS 2.0,
60       truncates or space-pads the username to a fixed length.  The second
61       version, known as "PURDY_V" and used from VMS 2.0 up to (but not
62       including) VMS 5.4, properly handles the variable-length nature of the
63       username.  The third version, known as "PURDY_S" and used from VMS 5.4
64       onwards, performs some extra bit rotations to avoid aliasing problems
65       when pre-hashing long strings.  All three versions are supported by
66       this module.
67
68       VMS heavily restricts the composition of both usernames and
69       passphrases.  They may only contain alphanumerics, "$", and "_".  Case
70       is insignificant.  Usernames must be between 1 and 31 characters long,
71       and passphrases must be between 1 and 32 characters long.  This module
72       enforces these rules.  An invalid passphrase is never accepted as
73       matching.
74

CONSTRUCTORS

76       Authen::Passphrase::VMSPurdy->new(ATTR => VALUE, ...)
77           Generates a new passphrase recogniser object using the VMS Purdy
78           polynomial algorithm family.  The following attributes may be
79           given:
80
81           algorithm
82               A string indicating which variant of the algorithm is to be
83               used.  Valid values are "PURDY" (the original), "PURDY_V"
84               (modified to use full length of the username), and "PURDY_S"
85               (extra rotations to avoid aliasing when processing long
86               strings).  Default "PURDY_S".
87
88           username
89               A string to be used as the `username' salt parameter.  It is
90               limited to VMS username syntax.
91
92           salt
93               The salt, as an integer in the range [0, 65536).
94
95           salt_hex
96               The salt, as a string of four hexadecimal digits.  The first
97               two digits must give the least-significant byte and the last
98               two give the most-significant byte, with most-significant
99               nybble first within each byte.
100
101           salt_random
102               Causes salt to be generated randomly.  The value given for this
103               attribute is ignored.  The source of randomness may be
104               controlled by the facility described in Data::Entropy.
105
106           hash
107               The hash, as a string of eight bytes.
108
109           hash_hex
110               The hash, as a string of 16 hexadecimal digits.
111
112           passphrase
113               A passphrase that will be accepted.  It is limited to VMS
114               passphrase syntax.
115
116           The username and salt must be given, and either the hash or the
117           passphrase.
118
119       Authen::Passphrase::VMSPurdy->from_crypt(PASSWD)
120           Generates a new passphrase recogniser object using the VMS Purdy
121           polynomial algorithm family, from a crypt string.  The string must
122           consist of an algorithm identifier, the salt in hexadecimal, the
123           hash in hexadecimal, then the username.  The salt must be given as
124           four hexadecimal digits, the first two giving the least-significant
125           byte and the last two giving the most-significant byte, with most-
126           significant nybble first within each byte.  The algorithm
127           identifier must be "$VMS1$" for "PURDY", "$VMS2$" for "PURDY_V", or
128           "$VMS3$" for "PURDY_S".  The whole crypt string must be uppercase.
129
130       Authen::Passphrase::VMSPurdy->from_rfc2307(USERPASSWORD)
131           Generates a new passphrase recogniser object using the VMS Purdy
132           polynomial algorithm family, from an RFC 2307 string.  The string
133           must consist of "{CRYPT}" (case insensitive) followed by an
134           acceptable crypt string.
135

METHODS

137       $ppr->algorithm
138           Returns the algorithm variant identifier string.  It may be "PURDY"
139           (the original), "PURDY_V" (modified to use full length of the
140           username), and "PURDY_S" (extra rotations to avoid aliasing when
141           processing long strings).
142
143       $ppr->username
144           Returns the username string.  All alphabetic characters in it are
145           uppercase, which is the canonical form.
146
147       $ppr->salt
148           Returns the salt, as an integer.
149
150       $ppr->salt_hex
151           Returns the salt, as a string of four hexadecimal digits.  The
152           first two digits give the least-significant byte and the last two
153           give the most-significant byte, with most-significant nybble first
154           within each byte.
155
156       $ppr->hash
157           Returns the hash value, as a string of eight bytes.
158
159       $ppr->hash_hex
160           Returns the hash value, as a string of 16 uppercase hexadecimal
161           digits.
162
163       $ppr->match(PASSPHRASE)
164       $ppr->as_crypt
165       $ppr->as_rfc2307
166           These methods are part of the standard Authen::Passphrase
167           interface.
168

SEE ALSO

170       Authen::DecHpwd, Authen::Passphrase
171

AUTHOR

173       Andrew Main (Zefram) <zefram@fysh.org>
174
176       Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram)
177       <zefram@fysh.org>
178

LICENSE

180       This module is free software; you can redistribute it and/or modify it
181       under the same terms as Perl itself.
182
183
184
185perl v5.30.1                      2020-01-29   Authen::Passphrase::VMSPurdy(3)
Impressum