NAME¶
Authen::Passphrase::VMSPurdy - passphrases with the VMS Purdy polynomial system
SYNOPSIS¶
use Authen::Passphrase::VMSPurdy;
$ppr = Authen::Passphrase::VMSPurdy->new(
username => "jrandom", salt => 25362,
hash_hex => "832a0c270179584a");
$ppr = Authen::Passphrase::VMSPurdy->new(
username => "jrandom", salt_random => 1,
passphrase => "passphrase");
$ppr = Authen::Passphrase::VMSPurdy->from_crypt(
'$VMS3$1263832A0C270179584AJRANDOM');
$ppr = Authen::Passphrase::VMSPurdy->from_rfc2307(
'{CRYPT}$VMS3$1263832A0C270179584AJRANDOM');
$algorithm = $ppr->algorithm;
$username = $ppr->username;
$salt = $ppr->salt;
$hash = $ppr->hash;
$hash_hex = $ppr->hash_hex;
if($ppr->match($passphrase)) { ...
$passwd = $ppr->as_crypt;
$userPassword = $ppr->as_rfc2307;
DESCRIPTION¶
An object of this class encapsulates a passphrase hashed using one of the Purdy
polynomial hash functions used in VMS. This is a subclass of
Authen::Passphrase, and this document assumes that the reader is familiar with
the documentation for that class.
The core of the Purdy polynomial hashing algorithm transforms one 64-bit number
into another 64-bit number. It was developed by George B. Purdy, and described
in the paper "A High Security Log-in Procedure" which can be found
at
<
http://portal.acm.org/citation.cfm?id=361089&dl=GUIDE&coll=ACM&CFID=15151515&CFTOKEN=6184618>.
For practical use in passphrase hashing, the Purdy polynomial must be augmented
by a procedure to turn a variable-length passphrase into the initial 64-bit
number to be hashed. In VMS this pre-hashing phase also incorporates the
username of the account to which access is being controlled, in order to
prevent identical passphrases yielding identical hashes. This is a form of
salting. Another salt parameter, a 16-bit integer, is also included, this one
going under the name "salt".
There are three variants of the pre-hashing algorithm. The original version,
known as "
PURDY" and used during field testing of VMS 2.0,
truncates or space-pads the username to a fixed length. The second version,
known as "
PURDY_V" and used from VMS 2.0 up to (but not
including) VMS 5.4, properly handles the variable-length nature of the
username. The third version, known as "
PURDY_S" and used
from VMS 5.4 onwards, performs some extra bit rotations to avoid aliasing
problems when pre-hashing long strings. All three versions are supported by
this module.
VMS heavily restricts the composition of both usernames and passphrases. They
may only contain alphanumerics, "
$", and
"
_". Case is insignificant. Usernames must be between 1 and
31 characters long, and passphrases must be between 1 and 32 characters long.
This module enforces these rules. An invalid passphrase is never accepted as
matching.
CONSTRUCTORS¶
- Authen::Passphrase::VMSPurdy->new(ATTR => VALUE, ...)
- Generates a new passphrase recogniser object using the VMS Purdy
polynomial algorithm family. The following attributes may be given:
- algorithm
- A string indicating which variant of the algorithm is to be used. Valid
values are " PURDY" (the original),
"PURDY_V" (modified to use full length of the username),
and " PURDY_S" (extra rotations to avoid aliasing when
processing long strings). Default " PURDY_S".
- username
- A string to be used as the `username' salt parameter. It is limited to VMS
username syntax.
- salt
- The salt, as an integer in the range [0, 65536).
- salt_hex
- The salt, as a string of four hexadecimal digits. The first two digits
must give the least-significant byte and the last two give the
most-significant byte, with most-significant nybble first within each
byte.
- salt_random
- Causes salt to be generated randomly. The value given for this attribute
is ignored. The source of randomness may be controlled by the facility
described in Data::Entropy.
- hash
- The hash, as a string of eight bytes.
- hash_hex
- The hash, as a string of 16 hexadecimal digits.
- passphrase
- A passphrase that will be accepted. It is limited to VMS passphrase
syntax.
The username and salt must be given, and either the hash or the
passphrase.
- Authen::Passphrase::VMSPurdy->from_crypt(PASSWD)
- Generates a new passphrase recogniser object using the VMS Purdy
polynomial algorithm family, from a crypt string. The string must consist
of an algorithm identifier, the salt in hexadecimal, the hash in
hexadecimal, then the username. The salt must be given as four hexadecimal
digits, the first two giving the least-significant byte and the last two
giving the most-significant byte, with most-significant nybble first
within each byte. The algorithm identifier must be "
$VMS1 $" for "PURDY",
" $VMS2$" for "PURDY_V",
or " $VMS3$" for "
PURDY_S". The whole crypt string must be uppercase.
- Authen::Passphrase::VMSPurdy->from_rfc2307(USERPASSWORD)
- Generates a new passphrase recogniser object using the VMS Purdy
polynomial algorithm family, from an RFC 2307 string. The string must
consist of " {CRYPT}" (case insensitive) followed by an
acceptable crypt string.
METHODS¶
- $ppr->algorithm
- Returns the algorithm variant identifier string. It may be
"PURDY" (the original), " PURDY_V"
(modified to use full length of the username), and "
PURDY_S" (extra rotations to avoid aliasing when processing
long strings).
- $ppr->username
- Returns the username string. All alphabetic characters in it are
uppercase, which is the canonical form.
- $ppr->salt
- Returns the salt, as an integer.
- $ppr->salt_hex
- Returns the salt, as a string of four hexadecimal digits. The first two
digits give the least-significant byte and the last two give the
most-significant byte, with most-significant nybble first within each
byte.
- $ppr->hash
- Returns the hash value, as a string of eight bytes.
- $ppr->hash_hex
- Returns the hash value, as a string of 16 uppercase hexadecimal
digits.
- $ppr->match(PASSPHRASE)
- $ppr->as_crypt
- $ppr->as_rfc2307
- These methods are part of the standard Authen::Passphrase interface.
SEE ALSO¶
Authen::DecHpwd, Authen::Passphrase
AUTHOR¶
Andrew Main (Zefram) <zefram@fysh.org>
COPYRIGHT¶
Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram)
<zefram@fysh.org>
LICENSE¶
This module is free software; you can redistribute it and/or modify it under the
same terms as Perl itself.