1Authen::Passphrase::BigUCsreyrptC(o3nptmr)ibuted Perl DoAcuutmheennt:a:tPiaosnsphrase::BigCrypt(3pm)
2
3
4

NAME

6       Authen::Passphrase::BigCrypt - passphrases using bigcrypt algorithm
7

SYNOPSIS

9               use Authen::Passphrase::BigCrypt;
10
11               $ppr = Authen::Passphrase::BigCrypt->new(
12                       salt_base64 => "qi",
13                       hash_base64 => "yh4XPJGsOZ2MEAyLkfWqeQ");
14
15               $ppr = Authen::Passphrase::BigCrypt->new(
16                       salt_random => 12,
17                       passphrase => "passphrase");
18
19               $salt = $ppr->salt;
20               $salt_base64 = $ppr->salt_base64_2;
21               $hash = $ppr->hash;
22               $hash_base64 = $ppr->hash_base64;
23
24               $pprs = $ppr->sections;
25
26               if($ppr->match($passphrase)) { ...
27

DESCRIPTION

29       An object of this class encapsulates a passphrase hashed using the
30       "bigcrypt" hash function found in HP-UX, Digital Unix, OSF/1, and some
31       other flavours of Unix.  Do not confuse this with the "crypt16" found
32       on Ultrix and Tru64 (for which see Authen::Passphrase::Crypt16).  This
33       is a subclass of Authen::Passphrase, and this document assumes that the
34       reader is familiar with the documentation for that class.
35
36       This is a derivation of the original DES-based crypt function found on
37       all Unices (see Authen::Passphrase::DESCrypt).  The first eight bytes
38       of the passphrase are used as a DES key to encrypt the all-bits-zero
39       block through 25 rounds of (12-bit) salted DES, just like the original
40       crypt.  Then, if the passphrase is longer than eight bytes, the next
41       eight bytes are used as a DES key to encrypt the all-bits-zero block
42       through 25 rounds of salted DES, using as salt the first 12 bits of the
43       hash of the first section.  Then, if the passphrase is longer than
44       sixteen bytes, the next eight bytes are used, with salt consisting of
45       the first 12 bits of the hash of the second section.  This repeats
46       until the entire passphrase has been used.  The hashes of all the
47       sections are concatenated to form the final hash.
48
49       A password hash of this scheme is conventionally represented in ASCII
50       using the base 64 encoding of the underlying DES-based crypt function.
51       The first two characters give the salt for the first section, the next
52       eleven give the hash of the first section, the next eleven give the
53       hash of the second section, and so on.  A hash thus encoded is used as
54       a crypt string, on those systems where the bigcrypt algorithm is part
55       of crypt(), but the syntax clashes with that of crypt16.  This module
56       does not treat it as a crypt string syntax.
57
58       Because the sections of the passphrase are hashed separately, it is
59       possible to manipulate (e.g., crack) a section hash in isolation.  See
60       Authen::Passphrase::DESCrypt for handling of a single section.
61
62       Warning: This is a fatally flawed design, often providing less security
63       than the plain DES scheme alone.  Do not use seriously.
64

CONSTRUCTOR

66       Authen::Passphrase::BigCrypt->new(ATTR => VALUE, ...)
67           Generates a new passphrase recogniser object using the bigcrypt
68           hash algorithm.  The following attributes may be given:
69
70           salt
71               The salt for the first section, as an integer in the range [0,
72               4096).
73
74           salt_base64
75               The salt for the first section, as a string of two base 64
76               digits.
77
78           salt_random
79               Causes salt for the first section to be generated randomly.
80               The value given for this attribute must be 12, indicating
81               generation of 12 bits of salt.  The source of randomness may be
82               controlled by the facility described in Data::Entropy.
83
84           hash
85               The hash, as a string of bytes.
86
87           hash_base64
88               The hash, as a string of base 64 digits.
89
90           passphrase
91               A passphrase that will be accepted.
92
93           The salt for the first section must be given, and either the hash
94           or the passphrase.
95

METHODS

97       $ppr->salt
98           Returns the salt for the first section, as a Perl integer.
99
100       $ppr->salt_base64_2
101           Returns the salt for the first section, as a string of two base 64
102           digits.
103
104       $ppr->hash
105           Returns the hash value, as a string of bytes.
106
107       $ppr->hash_base64
108           Returns the hash value, as a string of base 64 digits.  This is the
109           concatenation of the base 64 encodings of the section hashes,
110           rather than a base64 encoding of the combined hash.
111
112       $ppr->sections
113           Returns a reference to an array of Authen::Passphrase::DESCrypt
114           passphrase recognisers for the sections of the passphrase.
115
116       $ppr->match(PASSPHRASE)
117           This method is part of the standard Authen::Passphrase interface.
118

SEE ALSO

120       Authen::Passphrase, Authen::Passphrase::DESCrypt
121

AUTHOR

123       Andrew Main (Zefram) <zefram@fysh.org>
124
126       Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram)
127       <zefram@fysh.org>
128

LICENSE

130       This module is free software; you can redistribute it and/or modify it
131       under the same terms as Perl itself.
132
133
134
135perl v5.38.0                      2023-07-20 Authen::Passphrase::BigCrypt(3pm)
Impressum