.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "Authen::Passphrase::VMSPurdy 3pm" .TH Authen::Passphrase::VMSPurdy 3pm "2022-06-08" "perl v5.34.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Authen::Passphrase::VMSPurdy \- passphrases with the VMS Purdy polynomial system .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& use Authen::Passphrase::VMSPurdy; \& \& $ppr = Authen::Passphrase::VMSPurdy\->new( \& username => "jrandom", salt => 25362, \& hash_hex => "832a0c270179584a"); \& \& $ppr = Authen::Passphrase::VMSPurdy\->new( \& username => "jrandom", salt_random => 1, \& passphrase => "passphrase"); \& \& $ppr = Authen::Passphrase::VMSPurdy\->from_crypt( \& \*(Aq$VMS3$1263832A0C270179584AJRANDOM\*(Aq); \& \& $ppr = Authen::Passphrase::VMSPurdy\->from_rfc2307( \& \*(Aq{CRYPT}$VMS3$1263832A0C270179584AJRANDOM\*(Aq); \& \& $algorithm = $ppr\->algorithm; \& $username = $ppr\->username; \& $salt = $ppr\->salt; \& $hash = $ppr\->hash; \& $hash_hex = $ppr\->hash_hex; \& \& if($ppr\->match($passphrase)) { ... \& \& $passwd = $ppr\->as_crypt; \& $userPassword = $ppr\->as_rfc2307; .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" An object of this class encapsulates a passphrase hashed using one of the Purdy polynomial hash functions used in \s-1VMS.\s0 This is a subclass of Authen::Passphrase, and this document assumes that the reader is familiar with the documentation for that class. .PP The core of the Purdy polynomial hashing algorithm transforms one 64\-bit number into another 64\-bit number. It was developed by George B. Purdy, and described in the paper \&\*(L"A High Security Log-in Procedure\*(R" which can be found at . .PP For practical use in passphrase hashing, the Purdy polynomial must be augmented by a procedure to turn a variable-length passphrase into the initial 64\-bit number to be hashed. In \s-1VMS\s0 this pre-hashing phase also incorporates the username of the account to which access is being controlled, in order to prevent identical passphrases yielding identical hashes. This is a form of salting. Another salt parameter, a 16\-bit integer, is also included, this one going under the name \*(L"salt\*(R". .PP There are three variants of the pre-hashing algorithm. The original version, known as "\fB\s-1PURDY\s0\fR\*(L" and used during field testing of \s-1VMS 2.0,\s0 truncates or space-pads the username to a fixed length. The second version, known as \*(R"\fB\s-1PURDY_V\s0\fR\*(L" and used from \s-1VMS 2.0\s0 up to (but not including) \s-1VMS 5.4,\s0 properly handles the variable-length nature of the username. The third version, known as \*(R"\fB\s-1PURDY_S\s0\fR" and used from \&\s-1VMS 5.4\s0 onwards, performs some extra bit rotations to avoid aliasing problems when pre-hashing long strings. All three versions are supported by this module. .PP \&\s-1VMS\s0 heavily restricts the composition of both usernames and passphrases. They may only contain alphanumerics, "\fB$\fR\*(L", and \*(R"\fB_\fR". Case is insignificant. Usernames must be between 1 and 31 characters long, and passphrases must be between 1 and 32 characters long. This module enforces these rules. An invalid passphrase is never accepted as matching. .SH "CONSTRUCTORS" .IX Header "CONSTRUCTORS" .IP "Authen::Passphrase::VMSPurdy\->new(\s-1ATTR\s0 => \s-1VALUE, ...\s0)" 4 .IX Item "Authen::Passphrase::VMSPurdy->new(ATTR => VALUE, ...)" Generates a new passphrase recogniser object using the \s-1VMS\s0 Purdy polynomial algorithm family. The following attributes may be given: .RS 4 .IP "\fBalgorithm\fR" 4 .IX Item "algorithm" A string indicating which variant of the algorithm is to be used. Valid values are "\fB\s-1PURDY\s0\fR\*(L" (the original), \*(R"\fB\s-1PURDY_V\s0\fR\*(L" (modified to use full length of the username), and \*(R"\fB\s-1PURDY_S\s0\fR\*(L" (extra rotations to avoid aliasing when processing long strings). Default \*(R"\fB\s-1PURDY_S\s0\fR". .IP "\fBusername\fR" 4 .IX Item "username" A string to be used as the `username' salt parameter. It is limited to \&\s-1VMS\s0 username syntax. .IP "\fBsalt\fR" 4 .IX Item "salt" The salt, as an integer in the range [0, 65536). .IP "\fBsalt_hex\fR" 4 .IX Item "salt_hex" The salt, as a string of four hexadecimal digits. The first two digits must give the least-significant byte and the last two give the most-significant byte, with most-significant nybble first within each byte. .IP "\fBsalt_random\fR" 4 .IX Item "salt_random" Causes salt to be generated randomly. The value given for this attribute is ignored. The source of randomness may be controlled by the facility described in Data::Entropy. .IP "\fBhash\fR" 4 .IX Item "hash" The hash, as a string of eight bytes. .IP "\fBhash_hex\fR" 4 .IX Item "hash_hex" The hash, as a string of 16 hexadecimal digits. .IP "\fBpassphrase\fR" 4 .IX Item "passphrase" A passphrase that will be accepted. It is limited to \s-1VMS\s0 passphrase syntax. .RE .RS 4 .Sp The username and salt must be given, and either the hash or the passphrase. .RE .IP "Authen::Passphrase::VMSPurdy\->from_crypt(\s-1PASSWD\s0)" 4 .IX Item "Authen::Passphrase::VMSPurdy->from_crypt(PASSWD)" Generates a new passphrase recogniser object using the \s-1VMS\s0 Purdy polynomial algorithm family, from a crypt string. The string must consist of an algorithm identifier, the salt in hexadecimal, the hash in hexadecimal, then the username. The salt must be given as four hexadecimal digits, the first two giving the least-significant byte and the last two giving the most-significant byte, with most-significant nybble first within each byte. The algorithm identifier must be "\fB\f(CB$VMS1\fB$\fR\*(L" for \*(R"\fB\s-1PURDY\s0\fR\*(L", \*(R"\fB\f(CB$VMS2\fB$\fR\*(L" for \*(R"\fB\s-1PURDY_V\s0\fR\*(L", or \*(R"\fB\f(CB$VMS3\fB$\fR\*(L" for \*(R"\fB\s-1PURDY_S\s0\fR". The whole crypt string must be uppercase. .IP "Authen::Passphrase::VMSPurdy\->from_rfc2307(\s-1USERPASSWORD\s0)" 4 .IX Item "Authen::Passphrase::VMSPurdy->from_rfc2307(USERPASSWORD)" Generates a new passphrase recogniser object using the \s-1VMS\s0 Purdy polynomial algorithm family, from an \s-1RFC 2307\s0 string. The string must consist of "\fB{\s-1CRYPT\s0}\fR" (case insensitive) followed by an acceptable crypt string. .SH "METHODS" .IX Header "METHODS" .ie n .IP "$ppr\->algorithm" 4 .el .IP "\f(CW$ppr\fR\->algorithm" 4 .IX Item "$ppr->algorithm" Returns the algorithm variant identifier string. It may be "\fB\s-1PURDY\s0\fR\*(L" (the original), \*(R"\fB\s-1PURDY_V\s0\fR\*(L" (modified to use full length of the username), and \*(R"\fB\s-1PURDY_S\s0\fR" (extra rotations to avoid aliasing when processing long strings). .ie n .IP "$ppr\->username" 4 .el .IP "\f(CW$ppr\fR\->username" 4 .IX Item "$ppr->username" Returns the username string. All alphabetic characters in it are uppercase, which is the canonical form. .ie n .IP "$ppr\->salt" 4 .el .IP "\f(CW$ppr\fR\->salt" 4 .IX Item "$ppr->salt" Returns the salt, as an integer. .ie n .IP "$ppr\->salt_hex" 4 .el .IP "\f(CW$ppr\fR\->salt_hex" 4 .IX Item "$ppr->salt_hex" Returns the salt, as a string of four hexadecimal digits. The first two digits give the least-significant byte and the last two give the most-significant byte, with most-significant nybble first within each byte. .ie n .IP "$ppr\->hash" 4 .el .IP "\f(CW$ppr\fR\->hash" 4 .IX Item "$ppr->hash" Returns the hash value, as a string of eight bytes. .ie n .IP "$ppr\->hash_hex" 4 .el .IP "\f(CW$ppr\fR\->hash_hex" 4 .IX Item "$ppr->hash_hex" Returns the hash value, as a string of 16 uppercase hexadecimal digits. .ie n .IP "$ppr\->match(\s-1PASSPHRASE\s0)" 4 .el .IP "\f(CW$ppr\fR\->match(\s-1PASSPHRASE\s0)" 4 .IX Item "$ppr->match(PASSPHRASE)" .PD 0 .ie n .IP "$ppr\->as_crypt" 4 .el .IP "\f(CW$ppr\fR\->as_crypt" 4 .IX Item "$ppr->as_crypt" .ie n .IP "$ppr\->as_rfc2307" 4 .el .IP "\f(CW$ppr\fR\->as_rfc2307" 4 .IX Item "$ppr->as_rfc2307" .PD These methods are part of the standard Authen::Passphrase interface. .SH "SEE ALSO" .IX Header "SEE ALSO" Authen::DecHpwd, Authen::Passphrase .SH "AUTHOR" .IX Header "AUTHOR" Andrew Main (Zefram) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram) .SH "LICENSE" .IX Header "LICENSE" This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.