1Authen::Passphrase::BigUCsreyrptC(o3n)tributed Perl DocuAmuetnhteant:i:oPnassphrase::BigCrypt(3)
2
3
4
6 Authen::Passphrase::BigCrypt - passphrases using bigcrypt algorithm
7
9 use Authen::Passphrase::BigCrypt;
10
11 $ppr = Authen::Passphrase::BigCrypt->new(
12 salt_base64 => "qi",
13 hash_base64 => "yh4XPJGsOZ2MEAyLkfWqeQ");
14
15 $ppr = Authen::Passphrase::BigCrypt->new(
16 salt_random => 12,
17 passphrase => "passphrase");
18
19 $salt = $ppr->salt;
20 $salt_base64 = $ppr->salt_base64_2;
21 $hash = $ppr->hash;
22 $hash_base64 = $ppr->hash_base64;
23
24 $pprs = $ppr->sections;
25
26 if($ppr->match($passphrase)) { ...
27
29 An object of this class encapsulates a passphrase hashed using the
30 "bigcrypt" hash function found in HP-UX, Digital Unix, OSF/1, and some
31 other flavours of Unix. Do not confuse this with the "crypt16" found
32 on Ultrix and Tru64 (for which see Authen::Passphrase::Crypt16). This
33 is a subclass of Authen::Passphrase, and this document assumes that the
34 reader is familiar with the documentation for that class.
35
36 This is a derivation of the original DES-based crypt function found on
37 all Unices (see Authen::Passphrase::DESCrypt). The first eight bytes
38 of the passphrase are used as a DES key to encrypt the all-bits-zero
39 block through 25 rounds of (12-bit) salted DES, just like the original
40 crypt. Then, if the passphrase is longer than eight bytes, the next
41 eight bytes are used as a DES key to encrypt the all-bits-zero block
42 through 25 rounds of salted DES, using as salt the first 12 bits of the
43 hash of the first section. Then, if the passphrase is longer than
44 sixteen bytes, the next eight bytes are used, with salt consisting of
45 the first 12 bits of the hash of the second section. This repeats
46 until the entire passphrase has been used. The hashes of all the
47 sections are concatenated to form the final hash.
48
49 A password hash of this scheme is conventionally represented in ASCII
50 using the base 64 encoding of the underlying DES-based crypt function.
51 The first two characters give the salt for the first section, the next
52 eleven give the hash of the first section, the next eleven give the
53 hash of the second section, and so on. A hash thus encoded is used as
54 a crypt string, on those systems where the bigcrypt algorithm is part
55 of crypt(), but the syntax clashes with that of crypt16. This module
56 does not treat it as a crypt string syntax.
57
58 Because the sections of the passphrase are hashed separately, it is
59 possible to manipulate (e.g., crack) a section hash in isolation. See
60 Authen::Passphrase::DESCrypt for handling of a single section.
61
62 Warning: This is a fatally flawed design, often providing less security
63 than the plain DES scheme alone. Do not use seriously.
64
66 Authen::Passphrase::BigCrypt->new(ATTR => VALUE, ...)
67 Generates a new passphrase recogniser object using the bigcrypt
68 hash algorithm. The following attributes may be given:
69
70 salt
71 The salt for the first section, as an integer in the range [0,
72 4096).
73
74 salt_base64
75 The salt for the first section, as a string of two base 64
76 digits.
77
78 salt_random
79 Causes salt for the first section to be generated randomly.
80 The value given for this attribute must be 12, indicating
81 generation of 12 bits of salt. The source of randomness may be
82 controlled by the facility described in Data::Entropy.
83
84 hash
85 The hash, as a string of bytes.
86
87 hash_base64
88 The hash, as a string of base 64 digits.
89
90 passphrase
91 A passphrase that will be accepted.
92
93 The salt for the first section must be given, and either the hash
94 or the passphrase.
95
97 $ppr->salt
98 Returns the salt for the first section, as a Perl integer.
99
100 $ppr->salt_base64_2
101 Returns the salt for the first section, as a string of two base 64
102 digits.
103
104 $ppr->hash
105 Returns the hash value, as a string of bytes.
106
107 $ppr->hash_base64
108 Returns the hash value, as a string of base 64 digits. This is the
109 concatenation of the base 64 encodings of the section hashes,
110 rather than a base64 encoding of the combined hash.
111
112 $ppr->sections
113 Returns a reference to an array of Authen::Passphrase::DESCrypt
114 passphrase recognisers for the sections of the passphrase.
115
116 $ppr->match(PASSPHRASE)
117 This method is part of the standard Authen::Passphrase interface.
118
120 Authen::Passphrase, Authen::Passphrase::DESCrypt
121
123 Andrew Main (Zefram) <zefram@fysh.org>
124
126 Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram)
127 <zefram@fysh.org>
128
130 This module is free software; you can redistribute it and/or modify it
131 under the same terms as Perl itself.
132
133
134
135perl v5.32.0 2020-07-28 Authen::Passphrase::BigCrypt(3)