pike.git / lib / modules / Crypto.pmod / Password.pmod

version» Context lines:

pike.git/lib/modules/Crypto.pmod/Password.pmod:118:   //! @value "$S$RSSSSSSSSXXXXXXXXXXXXXXXXXXXXXX"   //! The string is interpreted as a PHPass' Portable Hash password hash,   //! where the base hashing alorithm has been switched to @[SHA256].   //! This method is apparently used by some versions of Drupal.   //!   //! @value "XXXXXXXXXXXXX"   //! The @expr{XXX@} string (which doesn't begin with @expr{"{"@}) is   //! taken to be a password hashed using the classic unix   //! @expr{crypt(3C)@} function. If the string contains only chars   //! from the set @expr{[a-zA-Z0-9./]@} it uses DES and the first two - //! characters as salt, but other alternatives might be possible + //! characters as salt, but other alternatives may be possible   //! depending on the @expr{crypt(3C)@} implementation in the   //! operating system.   //!   //! @value ""   //! The empty password hash matches all passwords.   //! @endstring   //!   //! @returns   //! Returns @expr{1@} on success, and @expr{0@} (zero) otherwise.   //!
pike.git/lib/modules/Crypto.pmod/Password.pmod:258: Inside #if constant(Crypto.SHA512)
   case "S": // PHPass Portable Hash SHA512.    salt = hash[..8];    hash = hash[9..];    return Crypto.SHA512.crypt_php(passwd, salt) == hash;    break;   #endif       case "sha1": // SHA1-HMAC    rounds = (int)salt;    sscanf(hash, "%s$%s", salt, hash); -  return Crypto.SHA1.HMAC.crypt_hash(password, salt, rounds) == -  [string(7bit)]hash; +  return Crypto.SHA1.HMAC.crypt_hash(password, salt, rounds) == hash;    break;    }    break;    }    return 0;   }      //! Generate a hash of @[password] suitable for @[verify()].   //!   //! @param password
pike.git/lib/modules/Crypto.pmod/Password.pmod:383:   //! Note that the availability of @[SHA512] depends on the version   //! of @[Nettle] that Pike has been compiled with.   //!   //! @note   //! This function was added in Pike 7.8.755.   //!   //! @seealso   //! @[verify()], @[predef::crypt()], @[Nettle.crypt_md5()],   //! @[Nettle.Hash()->crypt_hash()]   string(7bit) hash(string(8bit) password, string(7bit)|void scheme, -  int|void rounds) +  int(0..)|void rounds)   { -  function(string(8bit), string(7bit), int:string(7bit)) crypt_hash; +  function(string(8bit), string(7bit), int(0..):string(7bit)) crypt_hash;    int(0..) salt_size = 16; -  int default_rounds = 5000; +  int(0..) default_rounds = 5000;       string(7bit) render_crypt_hash(string(7bit) scheme, string(7bit) salt,    string(7bit) hash, int rounds)    {    if (rounds != default_rounds) {    salt = "rounds=" + rounds + "$" + salt;    }    return sprintf("$%s$%s$%s", scheme, salt, hash);    };   
pike.git/lib/modules/Crypto.pmod/Password.pmod:423:    while (rounds) {    rounds >>= 1;    exp2++;    }    }    return sprintf("%s%c%s%s",    scheme, "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"[exp2],    salt, hash);    };    -  string(7bit) render_ldap_hash(string(8bit) scheme, string(7bit) salt, -  string(8bit) hash, int rounds) +  string(7bit) render_ldap_hash(string(7bit) scheme, string(7bit) salt, +  string(7bit) hash, int rounds)    {    if (scheme[0] != '{') scheme = "{" + scheme + "}"; -  return [string(7bit)]upper_case(scheme) + MIME.encode_base64(hash + salt); +  return [string(7bit)](upper_case(scheme) + hash);    };    -  function(string(7bit), string(7bit), string(8bit), int:string(7bit)) render_hash = render_crypt_hash; +  function(string(7bit), string(7bit), string(7bit), int(0..):string(7bit)) +  render_hash = render_crypt_hash;       switch(lower_case(scheme)) {    case "crypt":    case "{crypt}":    case UNDEFINED:    // FALL_THROUGH   #if constant(Crypto.SHA512)    case "6":    case "$6$":    crypt_hash = Crypto.SHA512.crypt_hash;
pike.git/lib/modules/Crypto.pmod/Password.pmod:473:    password = [string(8bit)](reverse((string_to_unicode(password)/2)[*])*"");    return "$"+scheme+"$$"+String.string2hex(Crypto.MD4.hash(password));       case "sha":    case "{sha}":    salt_size = 0;    // FALL_THROUGH    case "ssha":    case "{ssha}":    crypt_hash = lambda(string(8bit) passwd, string(7bit) salt, int rounds) { -  return Crypto.SHA1.hash(passwd + salt); +  return MIME.encode_base64(Crypto.SHA1.hash(passwd + salt) + +  salt);    };    render_hash = render_ldap_hash;    break;       case "md5":    case "{md5}":    salt_size = 0;    // FALL_THROUGH    case "smd5":    case "{smd5}":    crypt_hash = lambda(string(8bit) passwd, string(8bit) salt, int rounds) { -  return Crypto.MD5.hash(passwd + salt); +  return MIME.encode_base64(Crypto.MD5.hash(passwd + salt) + +  salt);    };    render_hash = render_ldap_hash;    break;       case "sha1":    case "$sha1$":    // NetBSD-style crypt_sha1().    crypt_hash = Crypto.SHA1.HMAC.crypt_hash;    render_hash = render_old_crypt_hash;    // Defaults taken from PassLib.