1Authen::Passphrase::VMSUPsuerrdyC(o3n)tributed Perl DocuAmuetnhteant:i:oPnassphrase::VMSPurdy(3)
2
3
4
6 Authen::Passphrase::VMSPurdy - passphrases with the VMS Purdy
7 polynomial system
8
10 use Authen::Passphrase::VMSPurdy;
11
12 $ppr = Authen::Passphrase::VMSPurdy->new(
13 username => "jrandom", salt => 25362,
14 hash_hex => "832a0c270179584a");
15
16 $ppr = Authen::Passphrase::VMSPurdy->new(
17 username => "jrandom", salt_random => 1,
18 passphrase => "passphrase");
19
20 $ppr = Authen::Passphrase::VMSPurdy->from_crypt(
21 '$VMS3$1263832A0C270179584AJRANDOM');
22
23 $ppr = Authen::Passphrase::VMSPurdy->from_rfc2307(
24 '{CRYPT}$VMS3$1263832A0C270179584AJRANDOM');
25
26 $algorithm = $ppr->algorithm;
27 $username = $ppr->username;
28 $salt = $ppr->salt;
29 $hash = $ppr->hash;
30 $hash_hex = $ppr->hash_hex;
31
32 if($ppr->match($passphrase)) { ...
33
34 $passwd = $ppr->as_crypt;
35 $userPassword = $ppr->as_rfc2307;
36
38 An object of this class encapsulates a passphrase hashed using one of
39 the Purdy polynomial hash functions used in VMS. This is a subclass of
40 Authen::Passphrase, and this document assumes that the reader is
41 familiar with the documentation for that class.
42
43 The core of the Purdy polynomial hashing algorithm transforms one
44 64-bit number into another 64-bit number. It was developed by George
45 B. Purdy, and described in the paper "A High Security Log-in Procedure"
46 which can be found at
47 <http://portal.acm.org/citation.cfm?id=361089&dl=GUIDE&coll=ACM&CFID=15151515&CFTOKEN=6184618>.
48
49 For practical use in passphrase hashing, the Purdy polynomial must be
50 augmented by a procedure to turn a variable-length passphrase into the
51 initial 64-bit number to be hashed. In VMS this pre-hashing phase also
52 incorporates the username of the account to which access is being
53 controlled, in order to prevent identical passphrases yielding
54 identical hashes. This is a form of salting. Another salt parameter,
55 a 16-bit integer, is also included, this one going under the name
56 "salt".
57
58 There are three variants of the pre-hashing algorithm. The original
59 version, known as "PURDY" and used during field testing of VMS 2.0,
60 truncates or space-pads the username to a fixed length. The second
61 version, known as "PURDY_V" and used from VMS 2.0 up to (but not
62 including) VMS 5.4, properly handles the variable-length nature of the
63 username. The third version, known as "PURDY_S" and used from VMS 5.4
64 onwards, performs some extra bit rotations to avoid aliasing problems
65 when pre-hashing long strings. All three versions are supported by
66 this module.
67
68 VMS heavily restricts the composition of both usernames and
69 passphrases. They may only contain alphanumerics, "$", and "_". Case
70 is insignificant. Usernames must be between 1 and 31 characters long,
71 and passphrases must be between 1 and 32 characters long. This module
72 enforces these rules. An invalid passphrase is never accepted as
73 matching.
74
76 Authen::Passphrase::VMSPurdy->new(ATTR => VALUE, ...)
77 Generates a new passphrase recogniser object using the VMS Purdy
78 polynomial algorithm family. The following attributes may be
79 given:
80
81 algorithm
82 A string indicating which variant of the algorithm is to be
83 used. Valid values are "PURDY" (the original), "PURDY_V"
84 (modified to use full length of the username), and "PURDY_S"
85 (extra rotations to avoid aliasing when processing long
86 strings). Default "PURDY_S".
87
88 username
89 A string to be used as the `username' salt parameter. It is
90 limited to VMS username syntax.
91
92 salt
93 The salt, as an integer in the range [0, 65536).
94
95 salt_hex
96 The salt, as a string of four hexadecimal digits. The first
97 two digits must give the least-significant byte and the last
98 two give the most-significant byte, with most-significant
99 nybble first within each byte.
100
101 salt_random
102 Causes salt to be generated randomly. The value given for this
103 attribute is ignored. The source of randomness may be
104 controlled by the facility described in Data::Entropy.
105
106 hash
107 The hash, as a string of eight bytes.
108
109 hash_hex
110 The hash, as a string of 16 hexadecimal digits.
111
112 passphrase
113 A passphrase that will be accepted. It is limited to VMS
114 passphrase syntax.
115
116 The username and salt must be given, and either the hash or the
117 passphrase.
118
119 Authen::Passphrase::VMSPurdy->from_crypt(PASSWD)
120 Generates a new passphrase recogniser object using the VMS Purdy
121 polynomial algorithm family, from a crypt string. The string must
122 consist of an algorithm identifier, the salt in hexadecimal, the
123 hash in hexadecimal, then the username. The salt must be given as
124 four hexadecimal digits, the first two giving the least-significant
125 byte and the last two giving the most-significant byte, with most-
126 significant nybble first within each byte. The algorithm
127 identifier must be "$VMS1$" for "PURDY", "$VMS2$" for "PURDY_V", or
128 "$VMS3$" for "PURDY_S". The whole crypt string must be uppercase.
129
130 Authen::Passphrase::VMSPurdy->from_rfc2307(USERPASSWORD)
131 Generates a new passphrase recogniser object using the VMS Purdy
132 polynomial algorithm family, from an RFC 2307 string. The string
133 must consist of "{CRYPT}" (case insensitive) followed by an
134 acceptable crypt string.
135
137 $ppr->algorithm
138 Returns the algorithm variant identifier string. It may be "PURDY"
139 (the original), "PURDY_V" (modified to use full length of the
140 username), and "PURDY_S" (extra rotations to avoid aliasing when
141 processing long strings).
142
143 $ppr->username
144 Returns the username string. All alphabetic characters in it are
145 uppercase, which is the canonical form.
146
147 $ppr->salt
148 Returns the salt, as an integer.
149
150 $ppr->salt_hex
151 Returns the salt, as a string of four hexadecimal digits. The
152 first two digits give the least-significant byte and the last two
153 give the most-significant byte, with most-significant nybble first
154 within each byte.
155
156 $ppr->hash
157 Returns the hash value, as a string of eight bytes.
158
159 $ppr->hash_hex
160 Returns the hash value, as a string of 16 uppercase hexadecimal
161 digits.
162
163 $ppr->match(PASSPHRASE)
164 $ppr->as_crypt
165 $ppr->as_rfc2307
166 These methods are part of the standard Authen::Passphrase
167 interface.
168
170 Authen::DecHpwd, Authen::Passphrase
171
173 Andrew Main (Zefram) <zefram@fysh.org>
174
176 Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram)
177 <zefram@fysh.org>
178
180 This module is free software; you can redistribute it and/or modify it
181 under the same terms as Perl itself.
182
183
184
185perl v5.32.0 2020-07-28 Authen::Passphrase::VMSPurdy(3)