1Authen::DecHpwd(3)    User Contributed Perl Documentation   Authen::DecHpwd(3)
2
3
4

NAME

6       Authen::DecHpwd - DEC VMS password hashing
7

SYNOPSIS

9               use Authen::DecHpwd qw(
10                       UAI_C_AD_II UAI_C_PURDY UAI_C_PURDY_V UAI_C_PURDY_S
11                       lgi_hpwd
12               );
13
14               $hash = lgi_hpwd("JRANDOM", "PASSWORD", UAI_C_PURDY_S, 1234);
15
16               use Authen::DecHpwd qw(vms_username vms_password);
17
18               $username = vms_username($username);
19               $password = vms_password($password);
20

DESCRIPTION

22       This module implements the "SYS$HASH_PASSWORD" password hashing
23       function from VMS (also known as "LGI$HPWD"), and some associated VMS
24       username and password handling functions.
25
26       The password hashing function is implemented in XS, with a hideously
27       slow pure Perl backup version for systems that can't handle XS.
28

FUNCTIONS

30       UAI_C_AD_II
31       UAI_C_PURDY
32       UAI_C_PURDY_V
33       UAI_C_PURDY_S
34           These constants are used to identify the four password hashing
35           algorithms used by VMS.  They are the "UAI$C_" constants in VMS.
36
37           "UAI_C_AD_II" refers to a 32-bit CRC algorithm.  The CRC polynomial
38           used is the IEEE CRC-32 polynomial, as used in Ethernet, and in
39           this context is known as "AUTODIN-II".  The hash is merely the CRC
40           of the password.
41
42           "UAI_C_PURDY", "UAI_C_PURDY_V", and "UAI_C_PURDY_S" refer to
43           successive refinements of an algorithm based on Purdy polynomials.
44           All of these algorithms use the salt and username parameters as
45           salt, use the whole password, and return an eight-byte (64-bit)
46           hash.  The main part of the algorithm, the Purdy polynomial, is
47           identical in all three.  They differ in the pre-hashing,
48           particularly in the treatment of the username parameter.
49
50           In "UAI_C_PURDY" the username is truncated or space-padded to 12
51           characters before being hashed in.  "UAI_C_PURDY_V" accepts a
52           variable-length username.  "UAI_C_PURDY_S" accepts a variable-
53           length username and also includes the password length in the hash.
54           "UAI_C_PURDY_S" also does some extra bit rotations when hashing in
55           the username and password strings, in order to avoid aliasing.
56
57       lgi_hpwd(USERNAME, PASSWORD, ALGORITHM, SALT)
58           This is the "SYS$HASH_PASSWORD" function from VMS (also known as
59           "LGI$HPWD"), but with the parameters in a different order.  It
60           hashes the PASSWORD string in a manner determined by the other
61           parameters, and returns the hash as a string of bytes.
62
63           ALGORITHM determines which hashing algorithm will be used.  It must
64           be the value of one of the algorithm constants supplied by this
65           module (see above).
66
67           SALT must be an integer in the range [0, 2^16).  It modifies the
68           hashing so that the same password does not always produce the same
69           hash.
70
71           USERNAME is a string that is used as more salt.  In VMS it is the
72           username of the account to which the password controls access.
73
74           VMS usernames and passwords are constrained in character set and
75           length, and are case-insensitive.  This function does not enforce
76           these restrictions, nor perform canonicalisation.  If restrictions
77           and canonicalisation are desired then they must be applied
78           separately.  The functions "vms_username" and "vms_password"
79           described below may be useful.
80
81       vms_username(USERNAME)
82           Checks whether the USERNAME string matches VMS username syntax, and
83           canonicalises it.  VMS username syntax is 1 to 31 characters from
84           case-insensitive alphanumerics, "_", and "$".  If the string has
85           correct username syntax then the username is returned in canonical
86           form (uppercase).  If the string is not a username then "undef" is
87           returned.
88
89       vms_password(PASSWORD)
90           Checks whether the PASSWORD string is an acceptable VMS password,
91           and canonicalises it.  VMS password syntax is 1 to 32 characters
92           from case-insensitive alphanumerics, "_", and "$".  If the string
93           is an acceptable password then the password is returned in
94           canonical form (uppercase).  If the string is not an acceptable
95           password then "undef" is returned.
96

SEE ALSO

98       VMS::User
99

AUTHOR

101       The original C implementation of "LGI$HPWD" was written by Shawn
102       Clifford.  The code has since been developed by Davide Casale, Mario
103       Ambrogetti, Terence Lee, Jean-loup Gailly, Solar Designer, and Andrew
104       Main (Zefram).
105
106       Mike McCauley <mikem@open.com.au> created the first version of
107       "Authen::DecHpwd", establishing the Perl interface.  This was based on
108       Shawn Clifford's code without the later developments.
109
110       Andrew Main (Zefram) <zefram@fysh.org> created a new "Authen::DecHpwd"
111       based on the more developed C code presently used, and added ancillary
112       functions.
113
115       Copyright (C) 2002 Jean-loup Gailly <http://gailly.net>
116
117       Based in part on code from John the Ripper, Copyright (C) 1996-2002
118       Solar Designer
119
120       Copyright (C) 2006, 2007, 2009, 2010, 2011, 2017 Andrew Main (Zefram)
121       <zefram@fysh.org>
122

LICENSE

124       This module is free software; you can redistribute it and/or modify it
125       under the terms of the GNU General Public License as published by the
126       Free Software Foundation; either version 2 of the License, or (at your
127       option) any later version.
128
129
130
131perl v5.36.0                      2023-01-20                Authen::DecHpwd(3)
Impressum