Branch: Tag:

2017-07-16

2017-07-16 16:05:44 by Martin Nilsson <nilsson@fastmail.com>

NTLM hash added

84:   //! Source: Unix crypt using SHA-256 and SHA-512   //! @url{http://www.akkadia.org/drepper/SHA-crypt.txt@}   //! + //! @value "$3$$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" + //! This is interpreted as the NT LANMANAGER (NTLM) password + //! hash. It is a hax representation of MD4 of the password. + //!   //! @value "$1$SSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"   //! The string is interpreted according to the GNU libc2 extension   //! of @expr{crypt(3C)@} where @expr{SSSSSSSS@} is up to 8 chars of
141:    case "crypt": // RFC 2307    // First try the operating systems crypt(3C),    // since it might support more schemes than we do. +  catch {    if ((hash == "") || crypt(password, hash)) return 1; -  +  };    if (hash[0] != '$') {    if (hash[0] == '_') {    // FIXME: BSDI-style crypt(3C).
167:    case "2y": // Blowfish (stronger)    break;    +  case "nt":    case "3": // MD4 NT LANMANAGER (FreeBSD) -  +  return this::hash(password, "3")[4..] == [string(7bit)]hash;    break;       // cf http://www.akkadia.org/drepper/SHA-crypt.txt
215:   //! @[SHA256.crypt_hash()] with 96 bits of salt and a default   //! of @expr{5000@} rounds.   //! + //! @value "3" + //! @value "NT" + //! The NTLM MD4 hash. + //!   //! @value "1"   //! @value "$1$"   //! @[MD5.crypt_hash()] with 48 bits of salt and @expr{1000@} rounds.
320:    case "":    return crypt(password);    +  case "nt": +  scheme = "NT"; +  case "3": +  password = [string(8bit)](reverse((string_to_unicode(password)/2)[*])*""); +  return "$"+scheme+"$$"+String.string2hex(Crypto.MD4.hash(password)); +     case "sha":    case "{sha}":    salt_size = 0;
352:       // NB: The salt must be printable.    string(7bit) salt = -  MIME.encode_base64(random_string(salt_size))[..salt_size-1]; +  [string(7bit)]replace(MIME.encode_base64(random_string(salt_size))[..salt_size-1], "+", ".");       string(8bit) hash = crypt_hash(password, salt, rounds);       return render_hash([string(7bit)]scheme, salt, hash, rounds);   }