#!/usr/bin/env perl ## ## Author......: See docs/credits.txt ## License.....: MIT ## use strict; use warnings; use Crypt::CBC; sub module_constraints { [[0, 30], [0, 30], [0, 30], [0, 30], [-1, -1]] } sub module_generate_hash { my $word = shift; my $salt = shift; my $digest = oracle_hash ($salt, $word); my $hash = sprintf ("%s:%s", $digest, $salt); return $hash; } sub module_verify_hash { my $line = shift; my ($hash, $salt, $word) = split (':', $line); return unless defined $hash; return unless defined $salt; return unless defined $word; my $word_packed = pack_if_HEX_notation ($word); my $new_hash = module_generate_hash ($word_packed, $salt); return ($new_hash, $word); } sub oracle_hash { my ($username, $password) = @_; my $userpass = pack ('n*', unpack ('C*', uc ($username.$password))); $userpass .= pack ('C', 0) while (length ($userpass) % 8); my $key = pack ('H*', "0123456789ABCDEF"); my $iv = pack ('H*', "0000000000000000"); my $c = new Crypt::CBC ( -literal_key => 1, -cipher => "DES", -key => $key, -iv => $iv, -header => "none" ); my $key2 = substr ($c->encrypt ($userpass), length ($userpass)-8, 8); my $c2 = new Crypt::CBC ( -literal_key => 1, -cipher => "DES", -key => $key2, -iv => $iv, -header => "none" ); my $hash = substr ($c2->encrypt ($userpass), length ($userpass)-8, 8); return uc (unpack ('H*', $hash)); } 1;