1Authen::Passphrase::MD5UCsreyrptC(o3n)tributed Perl DocuAmuetnhteant:i:oPnassphrase::MD5Crypt(3)
2
3
4
6 Authen::Passphrase::MD5Crypt - passphrases using the MD5-based Unix
7 crypt()
8
10 use Authen::Passphrase::MD5Crypt;
11
12 $ppr = Authen::Passphrase::MD5Crypt->new(
13 salt => "Vd3f8aG6",
14 hash_base64 => "GcsdF4YCXb0PM2UmXjIoI1");
15
16 $ppr = Authen::Passphrase::MD5Crypt->new(
17 salt_random => 1,
18 passphrase => "passphrase");
19
20 $ppr = Authen::Passphrase::MD5Crypt->from_crypt(
21 '$1$Vd3f8aG6$GcsdF4YCXb0PM2UmXjIoI1');
22
23 $ppr = Authen::Passphrase::MD5Crypt->from_rfc2307(
24 '{CRYPT}$1$Vd3f8aG6$GcsdF4YCXb0PM2UmXjIoI1');
25
26 $salt = $ppr->salt;
27 $hash_base64 = $ppr->hash_base64;
28
29 if($ppr->match($passphrase)) { ...
30
31 $passwd = $ppr->as_crypt;
32 $userPassword = $ppr->as_rfc2307;
33
35 An object of this class encapsulates a passphrase hashed using the
36 MD5-based Unix crypt() hash function. This is a subclass of
37 Authen::Passphrase, and this document assumes that the reader is
38 familiar with the documentation for that class.
39
40 The crypt() function in a modern Unix actually supports several
41 different passphrase schemes. This class is concerned only with one
42 particular scheme, an MD5-based algorithm designed by Poul-Henning Kamp
43 and originally implemented in FreeBSD. To handle the whole range of
44 passphrase schemes supported by the modern crypt(), see the from_crypt
45 constructor and the as_crypt method in Authen::Passphrase.
46
47 The MD5-based crypt() scheme uses the whole passphrase, a salt which
48 can in principle be an arbitrary byte string, and the MD5 message
49 digest algorithm. First the passphrase and salt are hashed together,
50 yielding an MD5 message digest. Then a new digest is constructed,
51 hashing together the passphrase, the salt, and the first digest, all in
52 a rather complex form. Then this digest is passed through a thousand
53 iterations of a function which rehashes it together with the passphrase
54 and salt in a manner that varies between rounds. The output of the
55 last of these rounds is the resulting passphrase hash.
56
57 In the crypt() function the raw hash output is then represented in
58 ASCII as a 22-character string using a base 64 encoding. The base 64
59 digits are ".", "/", "0" to "9", "A" to "Z", "a" to "z" (in ASCII
60 order). Because the base 64 encoding can represent 132 bits in 22
61 digits, more than the 128 required, the last digit can only take four
62 of the base 64 digit values. An additional complication is that the
63 bytes of the raw algorithm output are permuted in a bizarre order
64 before being represented in base 64.
65
66 There is no tradition of handling these passphrase hashes in raw binary
67 form. The textual encoding described above, including the final
68 permutation, is used universally, so this class does not support any
69 binary format.
70
71 The complex algorithm was designed to be slow to compute, in order to
72 resist brute force attacks. However, the complexity is fixed, and the
73 operation of Moore's Law has rendered it far less expensive than
74 intended. If efficiency of a brute force attack is a concern, see
75 Authen::Passphrase::BlowfishCrypt.
76
78 Authen::Passphrase::MD5Crypt->new(ATTR => VALUE, ...)
79 Generates a new passphrase recogniser object using the MD5-based
80 crypt() algorithm. The following attributes may be given:
81
82 salt
83 The salt, as a raw string. It may be any byte string, but in
84 crypt() usage it is conventionally limited to zero to eight
85 base 64 digits.
86
87 salt_random
88 Causes salt to be generated randomly. The value given for this
89 attribute is ignored. The salt will be a string of eight base
90 64 digits. The source of randomness may be controlled by the
91 facility described in Data::Entropy.
92
93 hash_base64
94 The hash, as a string of 22 base 64 digits. This is the final
95 part of what crypt() outputs.
96
97 passphrase
98 A passphrase that will be accepted.
99
100 The salt must be given, and either the hash or the passphrase.
101
102 Authen::Passphrase::MD5Crypt->from_crypt(PASSWD)
103 Generates a new passphrase recogniser object using the MD5-based
104 crypt() algorithm, from a crypt string. The crypt string must
105 consist of "$1$", the salt, "$", then 22 base 64 digits giving the
106 hash. The salt may be up to 8 characters long, and cannot contain
107 "$" or any character that cannot appear in a crypt string.
108
109 Authen::Passphrase::MD5Crypt->from_rfc2307(USERPASSWORD)
110 Generates a new passphrase recogniser object using the MD5-based
111 crypt() algorithm, from an RFC 2307 string. The string must
112 consist of "{CRYPT}" (case insensitive) followed by an acceptable
113 crypt string.
114
116 $ppr->salt
117 Returns the salt, in raw form.
118
119 $ppr->hash_base64
120 Returns the hash value, as a string of 22 base 64 digits.
121
122 $ppr->match(PASSPHRASE)
123 $ppr->as_crypt
124 $ppr->as_rfc2307
125 These methods are part of the standard Authen::Passphrase
126 interface. Not every passphrase recogniser of this type can be
127 represented as a crypt string: the crypt format only allows the
128 salt to be up to eight bytes, and it cannot contain any NUL or "$"
129 characters.
130
132 Authen::Passphrase, Crypt::PasswdMD5
133
135 Andrew Main (Zefram) <zefram@fysh.org>
136
138 Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram)
139 <zefram@fysh.org>
140
142 This module is free software; you can redistribute it and/or modify it
143 under the same terms as Perl itself.
144
145
146
147perl v5.36.0 2022-07-22 Authen::Passphrase::MD5Crypt(3)