#!/usr/bin/perl
use warnings;
use strict;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt);
my $settings = '$2$07$abcdefghijklmnopkC2SI.'; #hash identifier + salt
my $hash = 'SY5XUDcstCvd.D7IsnwxqkBQmKD548W';
my $hashed = bcrypt('password', $settings);
print "\n$hashed\n";
print $settings.$hash."\n\n";
$settings = '$2a$05$abcdefghijklmnopqrstuu';
$hash = '5s2v8.iXieOjg/.AySBTTZIIVFJeBui';
my $password = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQR
+STUVWXYZ0123456789';
$hashed = bcrypt($password, $settings);
print "$hashed\n";
print $settings.$hash."\n\n";
$settings = '$2a$05$abcdefghijklmnopqrstuu';
$hash = '5s2v8.iXieOjg/.AySBTTZIIVFJeBui';
# just change the first digit of password
$password = '1123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTU
+VWXYZ0123456789';
$hashed = bcrypt($password, $settings);
print "$hashed\n";
print $settings.$hash."\n\n";
while(<DATA>) {
chomp;
my ($checkstring, $password) = split;
# print "$checkstring\t$password\n";
#regex for the blowfish hash id and the 22 char salt
$checkstring =~ s#^(\$2a?\$\d{2}\$[A-Za-z0-9+\\.]{22})(.*)##;
# 22 is shown, may be 53 on some systems?
my($id_salt, $hash) = ($1, $2);
# print "$id_salt\t\t$hash\n";
my $hashed = bcrypt($password, $id_salt);
print "$hashed\n";
print "$hash\n";
if($hashed eq $id_salt.$hash){print "matched\n\n"}else{ print
+"NOT matched\n\n"}
}
=head1
bcrypt(PASSWORD, SETTINGS)
This is a version of "crypt" (see "crypt" in perlfunc) that impleme
+nts the
bcrypt algorithm. It does not implement any other hashing algorith
+ms, so if
others are desired then it necessary to examine the algorithm prefi
+x in SET
TINGS and dispatch between more than one version of "crypt".
SETTINGS must be a string which encodes the algorithm parameters, i
+ncluding
salt. It must begin with "$2", optional "a", "$", two digits, "$",
+ and 22
base 64 digits. The rest of the string is ignored. The presence o
+f the
optional "a" means that a NUL is to be appended to the password bef
+ore it is
used as a key. The two digits set the cost parameter. The 22 base
+ 64 dig
its encode the salt. The function will "die" if SETTINGS does not
+have this
format.
The PASSWORD is hashed according to the SETTINGS. The value return
+ed is a
string which encodes the algorithm parameters and the hash: the par
+ameters
are in the same format required in SETTINGS, and the hash is append
+ed in the
form of 31 base 64 digits. This result is suitable to be used as a
+ SETTINGS
string for input to this function: the hash part of the string is i
+gnored on
input.
=cut
# example what might be shown in /etc/shadow (without password shown)
# you must separate off the $id_salt, and compute the hash
# (id_salt+eksblowfishhash) (right password)
__DATA__
$2$07$aba.............kC2SI.cbHK1ODT5F77pYUqRNV63bd/IDxsTXq 0
$2$07$abcdee..........kC2SI.HiVB5Ax/RkxnDF2P5lQk06NBgbF/xYO 0
$2$07$abcdefghijklmnopkC2SI.7Q0nVrcMF4umRv5Pk5vDi0GlDI.lLE. 0
$2$07$abcdefghijklmnopqrstuuAgtOGDu2Z1DC3oOn6HzhbBE811IGUYu 0
$2$07$abcdefghijklmnopkC2SI.SY5XUDcstCvd.D7IsnwxqkBQmKD548W password
$2$04$abcdefghijklmnopkC2SI.q7Yf61ne/f5tu69iU.SIM68gT3LAaYy password
$2$10$abcdefghijklmnopkC2SI./wsXFeTOFgHVzDjpY2cn9yyF85o0khS password
$2$04$......................Ns4TWVMFumL/LG8wa/FMbZnvNs.EDBi password
$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm password
$2$06$......................h9TvqYVBoV1csDZEfDS/qeQHryfT7dm password
$2$07$......................A.nYdZ8J7ihz9grv6aPNwWdqpEgHssm password
$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW U*U
$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK U*U*
$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a U*U*U
$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui 01234567
+89abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
|