pike.git / lib / modules / Crypto.pmod / Password.pmod

version» Context lines:

pike.git/lib/modules/Crypto.pmod/Password.pmod:8:   //!   //! @seealso   //! @[verify()], @[hash()], @[crypt()]      //! Verify a password against a hash.   //!   //! This function attempts to support most common   //! password hashing schemes. The @[hash] can be on any   //! of the following formats.   //! - //! LDAP-style (RFC2307) hashes: + //! LDAP-style (@rfc{2307@}) hashes:   //! @string   //! @value "{SHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXX"   //! The @expr{XXX@} string is taken to be a @[MIME.encode_base64]   //! @[SHA1] hash of the password. Source: OpenLDAP FAQ   //! @url{http://www.openldap.org/faq/data/cache/347.html@}.   //!   //! @value "{SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"   //! The @expr{XXX@} string is taken to be a @[MIME.encode_base64]   //! string in which the first 20 chars are an @[SHA1] hash and the   //! remaining chars the salt. The input for the hash is the password
pike.git/lib/modules/Crypto.pmod/Password.pmod:77:   //! @url{http://www.akkadia.org/drepper/SHA-crypt.txt@}   //!   //! @value "$5$rounds=RR$SSSSSSSSSSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"   //! This is the same algorithm as the one above, but with the   //! number of rounds specified by @expr{RR@} in decimal. Note   //! that the number of rounds is clamped to be within   //! @expr{1000@} and @expr{999999999@} (inclusive).   //! Source: Unix crypt using SHA-256 and SHA-512   //! @url{http://www.akkadia.org/drepper/SHA-crypt.txt@}   //! + //! @value "$3$$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" + //! This is interpreted as the NT LANMANAGER (NTLM) password + //! hash. It is a hex representation of MD4 of the password. + //!   //! @value "$1$SSSSSSSS$XXXXXXXXXXXXXXXXXXXXXX"   //! The string is interpreted according to the GNU libc2 extension   //! of @expr{crypt(3C)@} where @expr{SSSSSSSS@} is up to 8 chars of   //! salt and the @expr{XXX@} string is an @[MD5]-based hash created   //! from the password and the salt. Source: GNU libc   //! @url{http://www.gnu.org/software/libtool/manual/libc/crypt.html@}.   //!   //! @value "XXXXXXXXXXXXX"   //! The @expr{XXX@} string (which doesn't begin with @expr{"{"@}) is   //! taken to be a password hashed using the classic unix
pike.git/lib/modules/Crypto.pmod/Password.pmod:134:    case "ssha":    // SHA1 and Salted SHA1.    hash = MIME.decode_base64(hash);    password += hash[20..];    hash = hash[..19];    return Crypto.SHA1.hash(password) == hash;       case "crypt": // RFC 2307    // First try the operating systems crypt(3C),    // since it might support more schemes than we do. +  catch {    if ((hash == "") || crypt(password, hash)) return 1; -  +  };    if (hash[0] != '$') {    if (hash[0] == '_') {    // FIXME: BSDI-style crypt(3C).    }    return 0;    }       // Then try our implementations.    sscanf(hash, "$%s$%s$%s", scheme, string(8bit) salt, string(8bit) hash);    if( !salt || !hash ) return 0;
pike.git/lib/modules/Crypto.pmod/Password.pmod:160:    switch(scheme) {    case "1": // crypt_md5    return Nettle.crypt_md5(password, salt) == [string(7bit)]hash;       case "2": // Blowfish (obsolete)    case "2a": // Blowfish (possibly weak)    case "2x": // Blowfish (weak)    case "2y": // Blowfish (stronger)    break;    +  case "nt":    case "3": // MD4 NT LANMANAGER (FreeBSD) -  +  return this::hash(password, "3")[4..] == [string(7bit)]hash;    break;       // cf http://www.akkadia.org/drepper/SHA-crypt.txt    case "5": // SHA-256    return Crypto.SHA256.crypt_hash(password, salt, rounds) ==    [string(7bit)]hash;   #if constant(Crypto.SHA512)    case "6": // SHA-512    return Crypto.SHA512.crypt_hash(password, salt, rounds) ==    [string(7bit)]hash;
pike.git/lib/modules/Crypto.pmod/Password.pmod:208:   //! @value "6"   //! @value "$6$"   //! @[SHA512.crypt_hash()] with 96 bits of salt and a default   //! of @expr{5000@} rounds.   //!   //! @value "5"   //! @value "$5$"   //! @[SHA256.crypt_hash()] with 96 bits of salt and a default   //! of @expr{5000@} rounds.   //! + //! @value "3" + //! @value "NT" + //! The NTLM MD4 hash. + //!   //! @value "1"   //! @value "$1$"   //! @[MD5.crypt_hash()] with 48 bits of salt and @expr{1000@} rounds.   //!   //! @value ""   //! @[predef::crypt()] with 12 bits of salt.   //!   //! @endstring   //! - //! LDAP (RFC2307)-style. Don't use these if you can avoid it, + //! LDAP (@rfc{2307@})-style. Don't use these if you can avoid it,   //! since they are suspectible to attacks. In particular avoid   //! the unsalted variants at all costs:   //! @string   //! @value "ssha"   //! @value "{ssha}"   //! @[SHA1.hash()] with 96 bits of salt appended to the password.   //!   //! @value "smd5"   //! @value "{smd5}"   //! @[MD5.hash()] with 96 bits of salt appended to the password.
pike.git/lib/modules/Crypto.pmod/Password.pmod:260:   //! @note   //! This function was added in Pike 7.8.755.   //!   //! @seealso   //! @[verify()], @[predef::crypt()], @[Nettle.crypt_md5()],   //! @[Nettle.Hash()->crypt_hash()]   string(7bit) hash(string(8bit) password, string(7bit)|void scheme,    int|void rounds)   {    function(string(8bit), string(7bit), int:string(8bit)) crypt_hash; -  int salt_size = 16; +  int(0..) salt_size = 16;    int default_rounds = 5000;       string(7bit) render_crypt_hash(string(7bit) scheme, string(7bit) salt,    string(8bit) hash, int rounds)    {    if (rounds != default_rounds) {    salt = "rounds=" + rounds + "$" + salt;    }       // We claim this to be a string(7bit) string, even though we add
pike.git/lib/modules/Crypto.pmod/Password.pmod:313:    case "$1$":    crypt_hash = Crypto.MD5.crypt_hash;    salt_size = 8;    rounds = 1000; // Currently only 1000 rounds is supported.    default_rounds = 1000;    scheme = "1";    break;    case "":    return crypt(password);    +  case "nt": +  scheme = "NT"; +  case "3": +  password = [string(8bit)](reverse((string_to_unicode(password)/2)[*])*""); +  return "$"+scheme+"$$"+String.string2hex(Crypto.MD4.hash(password)); +     case "sha":    case "{sha}":    salt_size = 0;    // FALL_THROUGH    case "ssha":    case "{ssha}":    crypt_hash = lambda(string(8bit) passwd, string(7bit) salt, int rounds) {    return Crypto.SHA1.hash(passwd + salt);    };    render_hash = render_ldap_hash;
pike.git/lib/modules/Crypto.pmod/Password.pmod:345:    break;       default:    error("Unsupported hashing scheme: %O\n", scheme);    }       if (!rounds) rounds = default_rounds;       // NB: The salt must be printable.    string(7bit) salt = -  MIME.encode_base64(Crypto.Random.random_string(salt_size))[..salt_size-1]; +  [string(7bit)]replace(MIME.encode_base64(random_string(salt_size))[..salt_size-1], "+", ".");       string(8bit) hash = crypt_hash(password, salt, rounds);       return render_hash([string(7bit)]scheme, salt, hash, rounds);   } -  +