1Authen::Passphrase::MD5UCsreyrptC(o3n)tributed Perl DocuAmuetnhteant:i:oPnassphrase::MD5Crypt(3)
2
3
4

NAME

6       Authen::Passphrase::MD5Crypt - passphrases using the MD5-based Unix
7       crypt()
8

SYNOPSIS

10               use Authen::Passphrase::MD5Crypt;
11
12               $ppr = Authen::Passphrase::MD5Crypt->new(
13                               salt => "Vd3f8aG6",
14                               hash_base64 => "GcsdF4YCXb0PM2UmXjIoI1");
15
16               $ppr = Authen::Passphrase::MD5Crypt->new(
17                               salt_random => 1,
18                               passphrase => "passphrase");
19
20               $ppr = Authen::Passphrase::MD5Crypt->from_crypt(
21                       '$1$Vd3f8aG6$GcsdF4YCXb0PM2UmXjIoI1');
22
23               $ppr = Authen::Passphrase::MD5Crypt->from_rfc2307(
24                       '{CRYPT}$1$Vd3f8aG6$GcsdF4YCXb0PM2UmXjIoI1');
25
26               $salt = $ppr->salt;
27               $hash_base64 = $ppr->hash_base64;
28
29               if($ppr->match($passphrase)) { ...
30
31               $passwd = $ppr->as_crypt;
32               $userPassword = $ppr->as_rfc2307;
33

DESCRIPTION

35       An object of this class encapsulates a passphrase hashed using the
36       MD5-based Unix crypt() hash function.  This is a subclass of
37       Authen::Passphrase, and this document assumes that the reader is
38       familiar with the documentation for that class.
39
40       The crypt() function in a modern Unix actually supports several
41       different passphrase schemes.  This class is concerned only with one
42       particular scheme, an MD5-based algorithm designed by Poul-Henning Kamp
43       and originally implemented in FreeBSD.  To handle the whole range of
44       passphrase schemes supported by the modern crypt(), see the from_crypt
45       constructor and the as_crypt method in Authen::Passphrase.
46
47       The MD5-based crypt() scheme uses the whole passphrase, a salt which
48       can in principle be an arbitrary byte string, and the MD5 message
49       digest algorithm.  First the passphrase and salt are hashed together,
50       yielding an MD5 message digest.  Then a new digest is constructed,
51       hashing together the passphrase, the salt, and the first digest, all in
52       a rather complex form.  Then this digest is passed through a thousand
53       iterations of a function which rehashes it together with the passphrase
54       and salt in a manner that varies between rounds.  The output of the
55       last of these rounds is the resulting passphrase hash.
56
57       In the crypt() function the raw hash output is then represented in
58       ASCII as a 22-character string using a base 64 encoding.  The base 64
59       digits are ".", "/", "0" to "9", "A" to "Z", "a" to "z" (in ASCII
60       order).  Because the base 64 encoding can represent 132 bits in 22
61       digits, more than the 128 required, the last digit can only take four
62       of the base 64 digit values.  An additional complication is that the
63       bytes of the raw algorithm output are permuted in a bizarre order
64       before being represented in base 64.
65
66       There is no tradition of handling these passphrase hashes in raw binary
67       form.  The textual encoding described above, including the final
68       permutation, is used universally, so this class does not support any
69       binary format.
70
71       The complex algorithm was designed to be slow to compute, in order to
72       resist brute force attacks.  However, the complexity is fixed, and the
73       operation of Moore's Law has rendered it far less expensive than
74       intended.  If efficiency of a brute force attack is a concern, see
75       Authen::Passphrase::BlowfishCrypt.
76

CONSTRUCTORS

78       Authen::Passphrase::MD5Crypt->new(ATTR => VALUE, ...)
79           Generates a new passphrase recogniser object using the MD5-based
80           crypt() algorithm.  The following attributes may be given:
81
82           salt
83               The salt, as a raw string.  It may be any byte string, but in
84               crypt() usage it is conventionally limited to zero to eight
85               base 64 digits.
86
87           salt_random
88               Causes salt to be generated randomly.  The value given for this
89               attribute is ignored.  The salt will be a string of eight base
90               64 digits.  The source of randomness may be controlled by the
91               facility described in Data::Entropy.
92
93           hash_base64
94               The hash, as a string of 22 base 64 digits.  This is the final
95               part of what crypt() outputs.
96
97           passphrase
98               A passphrase that will be accepted.
99
100           The salt must be given, and either the hash or the passphrase.
101
102       Authen::Passphrase::MD5Crypt->from_crypt(PASSWD)
103           Generates a new passphrase recogniser object using the MD5-based
104           crypt() algorithm, from a crypt string.  The crypt string must
105           consist of "$1$", the salt, "$", then 22 base 64 digits giving the
106           hash.  The salt may be up to 8 characters long, and cannot contain
107           "$" or any character that cannot appear in a crypt string.
108
109       Authen::Passphrase::MD5Crypt->from_rfc2307(USERPASSWORD)
110           Generates a new passphrase recogniser object using the MD5-based
111           crypt() algorithm, from an RFC 2307 string.  The string must
112           consist of "{CRYPT}" (case insensitive) followed by an acceptable
113           crypt string.
114

METHODS

116       $ppr->salt
117           Returns the salt, in raw form.
118
119       $ppr->hash_base64
120           Returns the hash value, as a string of 22 base 64 digits.
121
122       $ppr->match(PASSPHRASE)
123       $ppr->as_crypt
124       $ppr->as_rfc2307
125           These methods are part of the standard Authen::Passphrase
126           interface.  Not every passphrase recogniser of this type can be
127           represented as a crypt string: the crypt format only allows the
128           salt to be up to eight bytes, and it cannot contain any NUL or "$"
129           characters.
130

SEE ALSO

132       Authen::Passphrase, Crypt::PasswdMD5
133

AUTHOR

135       Andrew Main (Zefram) <zefram@fysh.org>
136
138       Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram)
139       <zefram@fysh.org>
140

LICENSE

142       This module is free software; you can redistribute it and/or modify it
143       under the same terms as Perl itself.
144
145
146
147perl v5.34.0                      2022-01-20   Authen::Passphrase::MD5Crypt(3)
Impressum