2011/11/16 Adrian Stel <adisa...@gmail.com>:
> Hi,
>
>
> perhaps this is stupid question but I'm not sure where I should put
> this wrapper function ;/
>
>
> I found in /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm
>
>
> This is the right place ?
>
> =head1 SYNOPSIS
>
>         use Authen::Passphrase::PHPass;
>
>         $ppr = Authen::Passphrase::PHPass->new(
>                 cost => 10, salt => "NaClNaCl",
>                 hash_base64 => "ObRxTm/.EiiYN02xUeAQs/");
>
>         $ppr = Authen::Passphrase::PHPass->new(
>                 cost => 10, salt_random => 1,
>                 passphrase => "passphrase");
>
>         $ppr = Authen::Passphrase::PHPass->from_crypt(
>                 '$P$8NaClNaClObRxTm/.EiiYN02xUeAQs/');
>
>         $ppr = Authen::Passphrase::PHPass->from_rfc2307(
>                 '{CRYPT}$P$8NaClNaClObRxTm/.EiiYN02xUeAQs/');
>
>         $cost = $ppr->cost;
>         $cost_base64 = $ppr->cost_base64;
>         $cost = $ppr->nrounds_log2;
>         $cost_base64 = $ppr->nrounds_log2_base64;
>         $salt = $ppr->salt;
>         $hash = $ppr->hash;
>         $hash_base64 = $ppr->hash_base64;
>
>         if($ppr->match($passphrase)) { ...
>
>         $passwd = $ppr->as_crypt;
>         $userPassword = $ppr->as_rfc2307;
>
> =head1 DESCRIPTION
>
>
> Best
> Adrian
>
> 2011/11/16 Zefram <zef...@fysh.org>:
>> Adrian Stel wrote:
>>>'p_enc_pkg' => 'Authen::Passphrase::PHPass',
>>>'p_enc_sub' => 'cost',
>>
>> The comment above, the example below, and a bit of googling all show that
>> p_enc_pkg and p_enc_sub are together meant to name a hash function.
>> Your password string will be passed through the function, and the
>> resulting hash value is then managed by RT. The clearest example:
>>
>>>#'p_enc_pkg' => 'Crypt::MySQL',
>>>#'p_enc_sub' => 'password41',
>>
>> Crypt::MySQL::password41() is a function to which you pass a password
>> string and it returns a hash. For example, password41("hunter2") returns
>> "*58815970BE77B3720276F63DB198B1FA42E5CC02".
>>
>> Authen::Passphrase::PHPass::cost is not a hashing function. It's
>> not meant to be called as a standalone function at all. It's the
>> implementation of the ->cost method on the Authen::Passphrase::PHPass
>> class, and so expects to be passed an A:P:PHPass object, not a string.
>> A:P:PHPass doesn't actually expose the hash function on its own, so you
>> can't use it this way.
>>
>> In fact, the PHPass hash algorithm *can't* be properly used by RT,
>> because it takes a salt input, and apparently RT can't perform salting.
>> (There's a p_salt parameter, which appears to be a *fixed* salt, defeating
>> the purpose.)
>>
>> You could write a wrapper function around A:P:PHPass that creates a
>> recogniser for a supplied password and then just extracts the hash.
>> The wrapper would have to fix the cost parameter and the salt. It looks
>> like this:
>>
>>         use Authen::Passphrase::PHPass ();
>>         sub phpass_10_aaaaaaaa($) {
>>                 return Authen::Passphrase::PHPass->new(
>>                         cost=>10,
>>                         passphrase=>$_[0],
>>                         salt=>"aaaaaaaa",
>>                 )->hash_base64;
>>         }
>>
>> phpass_10_aaaaaaaa("hunter2") returns "LvYU3dRamxKB1.lRa4ow1/". *This*
>> is a hash function and could be used by RT via p_enc_pkg and p_enc_sub.
>>
>> It's a bit of an abstraction inversion to use A:P:PHPass just for
>> its hash function. If A:P:PHPass were wrapping some other module
>> that just provides the hash then I'd point you at the other module.
>> Most A:P modules do this, such as A:P:MySQL323 wrapping Crypt::MySQL.
>> But A:P:PHPass implements the hash itself. Also, if there were a module
>> exposing the PHPass algorithm on its own, you'd still have to write a
>> wrapper, because of the cost parameter that RT has no idea how to handle.
>>
>> -zefram
>>
>
>
>
> --
> Regards
> Adrian Stelmaszyk
>
--
Regards
Adrian Stelmaszyk
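
Added example, not part of the original thread and not code from RT or Authen::Passphrase: it contrasts the fixed-salt wrapper discussed above with per-account salted storage, using only the Authen::Passphrase::PHPass calls shown in the quoted synopsis. The function names phpass_fixed, phpass_store and phpass_verify are hypothetical, and the sample accounts are constructed; it assumes Authen::Passphrase is installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Authen::Passphrase::PHPass ();

# Fixed cost and fixed salt, in the shape p_enc_pkg/p_enc_sub needs:
# one password string in, one hash string out (hypothetical name).
sub phpass_fixed {
    my ($password) = @_;
    return Authen::Passphrase::PHPass->new(
        cost => 10, salt => "aaaaaaaa", passphrase => $password,
    )->hash_base64;
}

# Salted storage: a fresh random salt per account, kept together with
# the cost and the hash in a single crypt string.
sub phpass_store {
    my ($password) = @_;
    return Authen::Passphrase::PHPass->new(
        cost => 10, salt_random => 1, passphrase => $password,
    )->as_crypt;
}

# Verification reads cost and salt back out of the stored string, so the
# caller needs to know neither of them.
sub phpass_verify {
    my ($stored, $candidate) = @_;
    return Authen::Passphrase::PHPass->from_crypt($stored)->match($candidate) ? 1 : 0;
}

# Constructed sample: two accounts that happen to use the same password.
my $pw = "hunter2";
my ($alice_fixed,  $bob_fixed)  = (phpass_fixed($pw), phpass_fixed($pw));
my ($alice_salted, $bob_salted) = (phpass_store($pw), phpass_store($pw));

# With the fixed salt the two stored values are identical, so anyone
# reading the table can see which accounts share a password.
printf "fixed salt, equal hashes:  %s\n", $alice_fixed eq $bob_fixed ? "yes" : "no";
printf "random salt, equal hashes: %s\n", $alice_salted eq $bob_salted ? "yes" : "no";
printf "verify correct password:   %s\n", phpass_verify($alice_salted, $pw) ? "ok" : "fail";
printf "verify wrong password:     %s\n", phpass_verify($alice_salted, "hunter3") ? "ok" : "fail";
```

Only phpass_fixed has the one-argument string-to-string shape that p_enc_pkg and p_enc_sub can name; the salted pair needs the stored string at verification time.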