libcrypt-passwdmd5-perl-1.3/0000755000175000017500000000000010014374617021611 5ustar florian_ernstflorian_ernst00000000000000libcrypt-passwdmd5-perl-1.3/Makefile.PL0000644000175000017500000000135710014374415023565 0ustar florian_ernstflorian_ernst00000000000000use ExtUtils::MakeMaker; # See lib/ExtUtils/MakeMaker.pm for details of how to influence # the contents of the Makefile that is written. # $Id: Makefile.PL,v 1.2 2004/02/17 11:20:45 lem Exp $ print < 'Crypt::PasswdMD5', 'VERSION_FROM' => 'PasswdMD5.pm', 'LIBS' => [''], 'INC' => '', ($] >= 5.005 ? (ABSTRACT_FROM => 'PasswdMD5.pm', AUTHOR => 'Luis E. Muņoz ') : ()), ); libcrypt-passwdmd5-perl-1.3/MANIFEST0000644000175000017500000000020710014374617022741 0ustar florian_ernstflorian_ernst00000000000000MANIFEST Makefile.PL PasswdMD5.pm README t/basic.t META.yml Module meta-data (added by MakeMaker) libcrypt-passwdmd5-perl-1.3/META.yml0000644000175000017500000000045710014374617023070 0ustar florian_ernstflorian_ernst00000000000000# http://module-build.sourceforge.net/META-spec.html #XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX# name: Crypt-PasswdMD5 version: 1.3 version_from: PasswdMD5.pm installdirs: site requires: distribution_type: module generated_by: ExtUtils::MakeMaker version 6.17 libcrypt-passwdmd5-perl-1.3/PasswdMD5.pm0000644000175000017500000001432210014374502023711 0ustar florian_ernstflorian_ernst00000000000000# # Crypt::PasswdMD5: Module to provide an interoperable crypt() # function for modern Unix O/S. This is based on the code for # # /usr/src/libcrypt/crypt.c # # on a FreeBSD 2.2.5-RELEASE system, which included the following # notice. # # ---------------------------------------------------------------------------- # "THE BEER-WARE LICENSE" (Revision 42): # wrote this file. As long as you retain this notice you # can do whatever you want with this stuff. If we meet some day, and you think # this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp # ---------------------------------------------------------------------------- # # $Id: PasswdMD5.pm,v 1.3 2004/02/17 11:21:38 lem Exp $ # ################ package Crypt::PasswdMD5; $VERSION='1.3'; require 5.000; require Exporter; @ISA = qw(Exporter); @EXPORT = qw(unix_md5_crypt apache_md5_crypt); =head1 NAME Crypt::PasswdMD5 - Provides interoperable MD5-based crypt() functions =head1 SYNOPSIS use Crypt::PasswdMD5; $cryptedpassword = unix_md5_crypt($password, $salt); $apachepassword = apache_md5_crypt($password, $salt); =head1 DESCRIPTION the C provides a crypt()-compatible interface to the rather new MD5-based crypt() function found in modern operating systems. It's based on the implementation found on FreeBSD 2.2.[56]-RELEASE and contains the following license in it: "THE BEER-WARE LICENSE" (Revision 42): wrote this file. As long as you retain this notice you can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp C provides a function compatible with Apache's C<.htpasswd> files. This was contributed by Bryan Hart . As suggested by William A. Rowe, Jr. , it is exported by default. For both functions, if a salt value is not supplied, a random salt will be generated. Contributed by John Peacock . =cut $Magic = q/$1$/; # Magic string $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; use Digest::MD5; sub to64 { my ($v, $n) = @_; my $ret = ''; while (--$n >= 0) { $ret .= substr($itoa64, $v & 0x3f, 1); $v >>= 6; } $ret; } sub apache_md5_crypt { # change the Magic string to match the one used by Apache local $Magic = q/$apr1$/; unix_md5_crypt(@_); } sub unix_md5_crypt { my($pw, $salt) = @_; my $passwd; if ( defined $salt ) { $salt =~ s/^\Q$Magic//; # Take care of the magic string if # if present. $salt =~ s/^(.*)\$.*$/$1/; # Salt can have up to 8 chars... $salt = substr($salt, 0, 8); } else { $salt = ''; # in case no salt was proffered $salt .= substr($itoa64,int(rand(64)+1),1) while length($salt) < 8; } $ctx = new Digest::MD5; # Here we start the calculation $ctx->add($pw); # Original password... $ctx->add($Magic); # ...our magic string... $ctx->add($salt); # ...the salt... my ($final) = new Digest::MD5; $final->add($pw); $final->add($salt); $final->add($pw); $final = $final->digest; for ($pl = length($pw); $pl > 0; $pl -= 16) { $ctx->add(substr($final, 0, $pl > 16 ? 16 : $pl)); } # Now the 'weird' xform for ($i = length($pw); $i; $i >>= 1) { if ($i & 1) { $ctx->add(pack("C", 0)); } # This comes from the original version, # where a memset() is done to $final # before this loop. else { $ctx->add(substr($pw, 0, 1)); } } $final = $ctx->digest; # The following is supposed to make # things run slower. In perl, perhaps # it'll be *really* slow! for ($i = 0; $i < 1000; $i++) { $ctx1 = new Digest::MD5; if ($i & 1) { $ctx1->add($pw); } else { $ctx1->add(substr($final, 0, 16)); } if ($i % 3) { $ctx1->add($salt); } if ($i % 7) { $ctx1->add($pw); } if ($i & 1) { $ctx1->add(substr($final, 0, 16)); } else { $ctx1->add($pw); } $final = $ctx1->digest; } # Final xform $passwd = ''; $passwd .= to64(int(unpack("C", (substr($final, 0, 1))) << 16) | int(unpack("C", (substr($final, 6, 1))) << 8) | int(unpack("C", (substr($final, 12, 1)))), 4); $passwd .= to64(int(unpack("C", (substr($final, 1, 1))) << 16) | int(unpack("C", (substr($final, 7, 1))) << 8) | int(unpack("C", (substr($final, 13, 1)))), 4); $passwd .= to64(int(unpack("C", (substr($final, 2, 1))) << 16) | int(unpack("C", (substr($final, 8, 1))) << 8) | int(unpack("C", (substr($final, 14, 1)))), 4); $passwd .= to64(int(unpack("C", (substr($final, 3, 1))) << 16) | int(unpack("C", (substr($final, 9, 1))) << 8) | int(unpack("C", (substr($final, 15, 1)))), 4); $passwd .= to64(int(unpack("C", (substr($final, 4, 1))) << 16) | int(unpack("C", (substr($final, 10, 1))) << 8) | int(unpack("C", (substr($final, 5, 1)))), 4); $passwd .= to64(int(unpack("C", substr($final, 11, 1))), 2); $final = ''; $Magic . $salt . q/$/ . $passwd; } 1; __END__ =pod =head2 EXPORT None by default. =head1 HISTORY $Id: PasswdMD5.pm,v 1.3 2004/02/17 11:21:38 lem Exp $ 19980710 luismunoz@cpan.org: Initial release 19990402 bryan@eai.com: Added apache_md5_crypt to create a valid hash for use in .htpasswd files 20001006 wrowe@lnd.com: Requested apache_md5_crypt to be exported by default. 20010706 luismunoz@cpan.org: Use Digest::MD5 instead of the (obsolete) MD5. $Log: PasswdMD5.pm,v $ Revision 1.3 2004/02/17 11:21:38 lem Modified the POD so that ABSTRACT can work Added usage example for apache_md5_crypt() Revision 1.2 2004/02/17 11:04:35 lem Added patch for random salts from John Peacock (Thanks John!) De-MS-DOS-ified the file Replaced some '' with q// to make Emacs color highlighting happy Added CVS docs Completed the missing sections of the POD documentation Changed my email address to the Perl-related one for consistency The file is now encoded in ISO-8859-1 =head1 LICENSE AND WARRANTY This code and all accompanying software comes with NO WARRANTY. You use it at your own risk. This code and all accompanying software can be used freely under the same terms as Perl itself. =head1 AUTHOR Luis E. Muņoz =head1 SEE ALSO perl(1). =cut libcrypt-passwdmd5-perl-1.3/README0000644000175000017500000000506510014373263022473 0ustar florian_ernstflorian_ernst00000000000000-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Crypt::PasswdMD5 ================ This code provides various crypt()-compatible interfaces to the MD5-based crypt() function found in various *nixes. It's based on the implementation found on FreeBSD 2.2.[56]-RELEASE and contains the following license in it: "THE BEER-WARE LICENSE" (Revision 42): wrote this file. As long as you retain this notice you can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp To install, follow the standard CPAN recipe of: $ perl Makefile.PL $ make $ make test If all tests pass, then do $ make install You can see the documentation by issuing the following command at a nearby shell $ perldoc Crypt::PasswdMD5 Bug reports are welcome. Please do not forget to tell me what version/platform are you running this code on. Providing a small piece of code that shows the bug helps me a lot in sorting it out and possibly in writting more tests for the distribution. Report your bugs to me (luismunoz@cpan.org). SECURITY CONSIDERATIONS I have no control on the machanisms involved in the storage or transport of this distribution. This means that I cannot guarantee that the distribution you have in your hands is indeed, the same distribution I packed and uploaded. Along the distribution file, you should have a file with the extension ".asc". This contains a GPG "detached signature" that makes it impossible for anybody to alter this distribution. If security is of any concern to you, by all means verify the signature of this file and contact the author if any discrepancy is detected. You can find more information about this at the following URL http://mipagina.cantv.net/lem/gpg/ This information includes the correct keys, fingerprints, etc.Note that this README file should also be signed. LICENSE AND WARRANTY This software is (c) Luis E. Muņoz. It can be used under the terms of the perl artistic license provided that proper credit for the work of the author is preserved in the form of this copyright notice and license for this module. No warranty of any kind is expressed or implied. This code might make your computer go up in a puff of black smoke. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin) iD8DBQFAMfZ75w8l7DtKgo8RAl9UAJwJGs/TzD73jx2rcutD30KXHOJQ9ACdFE3Q ZqgVAcK1TfgVsmoxw6RJCaE= =ND10 -----END PGP SIGNATURE----- $Id: README,v 1.2 2004/02/17 11:10:43 lem Exp $ libcrypt-passwdmd5-perl-1.3/t/0000755000175000017500000000000010014374617022054 5ustar florian_ernstflorian_ernst00000000000000libcrypt-passwdmd5-perl-1.3/t/basic.t0000644000175000017500000000207510014371552023321 0ustar florian_ernstflorian_ernst00000000000000# # Basic testing of the hashing function # use Crypt::PasswdMD5; $phrase1 = "hello world\n"; $stage1 = '$1$1234$BhY1eAOOs7IED4HLA5T5o.'; $|=1; print "1..6\n"; # Hashing of a simple phrase + salt if (unix_md5_crypt($phrase1, "1234") eq $stage1) { print "ok 1\n"; } else { print "not ok 1\n"; } # Rehash (check) of the phrase if (unix_md5_crypt($phrase1, $stage1) eq $stage1) { print "ok 2\n"; } else { print "not ok 2\n"; } # Hashing/rehashing of the empty password $t = unix_md5_crypt('', $$); if (unix_md5_crypt('', $t) eq $t) { print "ok 3\n"; } else { print "not ok 3\n"; } # Make sure null salt works $t = unix_md5_crypt('test4'); ($salt) = ($t =~ m/\$.+\$(.+)\$/); if (unix_md5_crypt('test4',$salt) eq $t) { print "ok 4\n"; } else { print "not ok 4\n"; } # and again with the Apache Variant $t = apache_md5_crypt('test5'); ($salt) = ($t =~ m/\$.+\$(.+)\$/); if (apache_md5_crypt('test5',$salt) eq $t) { print "ok 5\n"; } else { print "not ok 5\n"; } if ( $t =~ /^\$apr1\$/ ) { print "ok 6\n"; } else { print "not ok 6\n"; }