Crypt-SaltedHash-0.11000755001750001750 015203330604 12777 5ustar00rrrr000000000000README100644001750001750 226715203330604 13747 0ustar00rrrr000000000000Crypt-SaltedHash-0.11NAME Crypt::SaltedHash - Perl interface to functions that assist in working with salted hashes. SYNOPSIS use Crypt::SaltedHash; my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-1'); $csh->add('secret'); my $salted = $csh->generate; my $valid = Crypt::SaltedHash->validate($salted, 'secret'); STATUS This module is deprecated. This module has not had significant updates since 2006. There are newer modules that support more secure algorithms and hashing options, and are extensible, such as Crypt::Passphrase. DESCRIPTION The Crypt::SaltedHash module provides an object oriented interface to create salted (or seeded) hashes of clear text data. The original formalization of this concept comes from RFC-3112 and is extended by the use of different digital algorithms. AUTHOR Sascha Kiefer, The current maintainer is Robert Rothenberg COPYRIGHT AND LICENSE Copyright (C) 2005-2006, 2010, 2013, 2026 Sascha Kiefer This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. Changes100644001750001750 255615203330604 14363 0ustar00rrrr000000000000Crypt-SaltedHash-0.11Revision history for Perl module Crypt::SaltedHash 0.11 2026-05-20 14:05:07+01:00 Europe/London - Fixed metadata - Moved author tests into xt 0.10 2026-05-19 - Maintenance taken over by Robert Rothenberg - Updated the Git Repository - Updated copyright year - Minimum Perl version is v5.6.0 - Added missing prerequisites, fixes RT#116392 - Security: Use system randomness source to generate the salt CVE-2026-47372 - Security: Use constant-time comparison of hashes CVE-2026-47373 - Deprecated module - Updated README 0.09 2013-07-30 - add Test::Fatal test requires 0.08 2013-07-30 - correct version in package 0.07 2013-07-30 - switch to use Dist::Zilla - fix bug with failed regex and localization of $1 - handle some uninitialized variables - RT Bug #78505 for Crypt-SaltedHash: Noisy tests (Unescaped left brace in regex is deprecated) - RT Bug #85627 for Crypt-SaltedHash: [PATCH] POD fix 0.06 2010-02-28 - added clear method - add returns now $self 0.05 2006-08-10 - switched to Module::Build 0.04 2006-01-26 - algorithm recognition fixed 0.03 2005-11-14 - spelling fixed 0.02 2005-11-14 - fixed some bugs; added tests and documentation 0.01 2005-11-13 - original version; created by h2xs 1.23 with options -XA -n Crypt::SaltedHash LICENSE100644001750001750 4654015203330604 14116 0ustar00rrrr000000000000Crypt-SaltedHash-0.11This software is copyright (c) 2005-2006, 2010, 2013, 2026 by Sascha Kiefer . This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2005-2006, 2010, 2013, 2026 by Sascha Kiefer . This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, see . Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Moe Ghoul, President of Vice That's all there is to it! --- The Perl Artistic License 1.0 --- This software is Copyright (c) 2005-2006, 2010, 2013, 2026 by Sascha Kiefer . This is free software, licensed under: The Perl Artistic License 1.0 The "Artistic License" Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder as specified below. "Copyright Holder" is whoever is named in the copyright or copyrights for the package. "You" is you, if you're thinking about copying or distributing this Package. "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as uunet.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) give non-standard executables non-standard names, and clearly document the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. You may embed this Package's interpreter within an executable of yours (by linking); this shall be construed as a mere form of aggregation, provided that the complete Standard Version of the interpreter is so embedded. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whoever generated them, and may be sold commercially, and may be aggregated with this Package. If such scripts or library files are aggregated with this Package via the so-called "undump" or "unexec" methods of producing a binary executable image, then distribution of such an image shall neither be construed as a distribution of this Package nor shall it fall under the restrictions of Paragraphs 3 and 4, provided that you do not represent such an executable image as a Standard Version of this Package. 7. C subroutines (or comparably compiled subroutines in other languages) supplied by you and linked into this Package in order to emulate subroutines and variables of the language defined by this Package shall not be considered part of this Package, but are the equivalent of input as in Paragraph 6, provided these subroutines do not change the language in any way that would cause it to fail the regression tests for the language. 8. Aggregation of this Package with a commercial distribution is always permitted provided that the use of this Package is embedded; that is, when no overt attempt is made to make this Package's interfaces visible to the end user of the commercial distribution. Such use shall not be construed as a distribution of this Package. 9. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End dist.ini100644001750001750 356415203330604 14534 0ustar00rrrr000000000000Crypt-SaltedHash-0.11name = Crypt-SaltedHash main_module = lib/Crypt/SaltedHash.pm author = Robert Rothenberg license = Perl_5 copyright_holder = Sascha Kiefer copyright_year = 2005-2006, 2010, 2013, 2026 [Meta::Contributors] [Deprecated] all = 1 [GatherDir] exclude_match = cpanfile* exclude_filename = LICENSE exclude_filename = README ;;exclude_filename = SECURITY.md exclude_filename = doap.xml [PruneCruft] [ManifestSkip] [CPANFile] [License] [DOAP] [ExecDir] [ShareDir] [MakeMaker] [Manifest] [TestRelease] [CheckExtraTests] [ConfirmRelease] [UploadToCPAN] [CopyFilesFromBuild] copy = LICENSE ;; copy = README ;;copy = SECURITY.md copy = cpanfile copy = doap.xml [@Git] allow_dirty = dist.ini push_to = origin master:master tag_format = %v commit_msg = %v%n%n%c [GitHub::Meta] repo = git://github.com/robrwo/perl-Crypt-SaltedHash.git fork = 0 [MetaResources] x_authority = cpan:RRWO bugtracker.web = http://rt.cpan.org/Public/Dist/Display.html?Name=Crypt-SaltedHash [MetaProvides::Package] [MetaYAML] [MetaJSON] [Git::Contributors] :version = 0.019 [RewriteVersion] [NextRelease] [BumpVersionAfterRelease] [Git::Commit / Commit_Changes] ; commit Changes (for new dev) allow_dirty_match = ^lib/ commit_msg = Commit Changes and bump $VERSION [UsefulReadme] type = text filename = README location = build section = name section = synopsis section = status section = description section = author section = copyright and license [RecommendedPrereqs] [AutoPrereqs] [Test::ReportPrereqs] :version = 0.022 version_extractor = Module::Metadata verify_prereqs = 1 [PodSyntaxTests] [Test::DistManifest] ; authordep Test::DistManifest [Test::CleanNamespaces] ; authordep Test::CleanNamespaces [Test::EOF] ; authordep Test::EOF ; [Test::EOL] ; :version = 0.14 [Test::Fixme] [Test::MinimumVersion] [Test::NoTabs] cpanfile100644001750001750 210515203330604 14562 0ustar00rrrr000000000000Crypt-SaltedHash-0.11# This file is generated by Dist::Zilla::Plugin::CPANFile v6.037 # Do not edit this file directly. To change prereqs, edit the `dist.ini` file. requires "Crypt::SysRandom" => "0"; requires "Digest" => "0"; requires "MIME::Base64" => "0"; requires "POSIX" => "0"; requires "perl" => "v5.6.0"; requires "strict" => "0"; on 'test' => sub { requires "File::Spec" => "0"; requires "Module::Metadata" => "0"; requires "Test::Fatal" => "0"; requires "Test::More" => "0"; requires "warnings" => "0"; }; on 'test' => sub { recommends "CPAN::Meta" => "2.120900"; }; on 'configure' => sub { requires "ExtUtils::MakeMaker" => "0"; }; on 'develop' => sub { requires "Dist::Zilla::Plugin::UsefulReadme" => "v0.4.3"; requires "Pod::Simple::Text" => "3.23"; requires "Test::CleanNamespaces" => "0.15"; requires "Test::DistManifest" => "0"; requires "Test::EOF" => "0"; requires "Test::Fixme" => "0"; requires "Test::MinimumVersion" => "0"; requires "Test::More" => "0.94"; requires "Test::NoTabs" => "0"; requires "Test::Pod" => "1.41"; requires "warnings" => "0"; }; doap.xml100644001750001750 353715203330604 14535 0ustar00rrrr000000000000Crypt-SaltedHash-0.11 Crypt-SaltedHash Perl interface to functions that assist in working with salted hashes. Robert Rothenberg Chris Weyl David Steinbrunner Gerda Shank Sascha Kiefer Sergey Romanov Perl MANIFEST100644001750001750 70415203330604 14172 0ustar00rrrr000000000000Crypt-SaltedHash-0.11# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.037 Changes LICENSE MANIFEST META.json META.yml Makefile.PL README cpanfile dist.ini doap.xml lib/Crypt/SaltedHash.pm t/00-report-prereqs.dd t/00-report-prereqs.t t/04Crypt-SaltedHash.t t/bug-localize-regex-vars.t xt/author/clean-namespaces.t xt/author/eof.t xt/author/minimum-version.t xt/author/no-tabs.t xt/author/pod-syntax.t xt/release/dist-manifest.t xt/release/fixme.t META.yml100644001750001750 244115203330604 14332 0ustar00rrrr000000000000Crypt-SaltedHash-0.11--- abstract: 'Perl interface to functions that assist in working with salted hashes.' author: - 'Robert Rothenberg ' build_requires: File::Spec: '0' Module::Metadata: '0' Test::Fatal: '0' Test::More: '0' warnings: '0' configure_requires: ExtUtils::MakeMaker: '0' dynamic_config: 0 generated_by: 'Dist::Zilla version 6.037, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Crypt-SaltedHash provides: Crypt::SaltedHash: file: lib/Crypt/SaltedHash.pm version: '0.11' requires: Crypt::SysRandom: '0' Digest: '0' MIME::Base64: '0' POSIX: '0' perl: v5.6.0 strict: '0' resources: Authority: cpan:RRWO bugtracker: http://rt.cpan.org/Public/Dist/Display.html?Name=Crypt-SaltedHash repository: git://github.com/robrwo/perl-Crypt-SaltedHash.git version: '0.11' x_contributors: - 'Chris Weyl ' - 'David Steinbrunner ' - 'Gerda Shank ' - 'Sascha Kiefer ' - 'Sergey Romanov ' x_deprecated: 1 x_generated_by_perl: v5.42.1 x_serialization_backend: 'YAML::Tiny version 1.76' x_spdx_expression: 'Artistic-1.0-Perl OR GPL-1.0-or-later' META.json100644001750001750 512715203330604 14506 0ustar00rrrr000000000000Crypt-SaltedHash-0.11{ "abstract" : "Perl interface to functions that assist in working with salted hashes.", "author" : [ "Robert Rothenberg " ], "dynamic_config" : 0, "generated_by" : "Dist::Zilla version 6.037, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "Crypt-SaltedHash", "prereqs" : { "configure" : { "requires" : { "ExtUtils::MakeMaker" : "0" } }, "develop" : { "requires" : { "Dist::Zilla::Plugin::UsefulReadme" : "v0.4.3", "Pod::Simple::Text" : "3.23", "Test::CleanNamespaces" : "0.15", "Test::DistManifest" : "0", "Test::EOF" : "0", "Test::Fixme" : "0", "Test::MinimumVersion" : "0", "Test::More" : "0.94", "Test::NoTabs" : "0", "Test::Pod" : "1.41", "warnings" : "0" } }, "runtime" : { "requires" : { "Crypt::SysRandom" : "0", "Digest" : "0", "MIME::Base64" : "0", "POSIX" : "0", "perl" : "v5.6.0", "strict" : "0" } }, "test" : { "recommends" : { "CPAN::Meta" : "2.120900" }, "requires" : { "File::Spec" : "0", "Module::Metadata" : "0", "Test::Fatal" : "0", "Test::More" : "0", "warnings" : "0" } } }, "provides" : { "Crypt::SaltedHash" : { "file" : "lib/Crypt/SaltedHash.pm", "version" : "0.11" } }, "release_status" : "stable", "resources" : { "bugtracker" : { "web" : "http://rt.cpan.org/Public/Dist/Display.html?Name=Crypt-SaltedHash" }, "repository" : { "type" : "git", "url" : "git://github.com/robrwo/perl-Crypt-SaltedHash.git", "web" : "https://github.com/robrwo/perl-Crypt-SaltedHash" }, "x_authority" : "cpan:RRWO" }, "version" : "0.11", "x_contributors" : [ "Chris Weyl ", "David Steinbrunner ", "Gerda Shank ", "Sascha Kiefer ", "Sergey Romanov " ], "x_deprecated" : 1, "x_generated_by_perl" : "v5.42.1", "x_serialization_backend" : "Cpanel::JSON::XS version 4.40", "x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later" } Makefile.PL100644001750001750 264215203330604 15036 0ustar00rrrr000000000000Crypt-SaltedHash-0.11# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.037 use strict; use warnings; use 5.006000; use ExtUtils::MakeMaker; my %WriteMakefileArgs = ( "ABSTRACT" => "Perl interface to functions that assist in working with salted hashes.", "AUTHOR" => "Robert Rothenberg ", "CONFIGURE_REQUIRES" => { "ExtUtils::MakeMaker" => 0 }, "DISTNAME" => "Crypt-SaltedHash", "LICENSE" => "perl", "MIN_PERL_VERSION" => "5.006000", "NAME" => "Crypt::SaltedHash", "PREREQ_PM" => { "Crypt::SysRandom" => 0, "Digest" => 0, "MIME::Base64" => 0, "POSIX" => 0, "strict" => 0 }, "TEST_REQUIRES" => { "File::Spec" => 0, "Module::Metadata" => 0, "Test::Fatal" => 0, "Test::More" => 0, "warnings" => 0 }, "VERSION" => "0.11", "test" => { "TESTS" => "t/*.t" } ); my %FallbackPrereqs = ( "Crypt::SysRandom" => 0, "Digest" => 0, "File::Spec" => 0, "MIME::Base64" => 0, "Module::Metadata" => 0, "POSIX" => 0, "Test::Fatal" => 0, "Test::More" => 0, "strict" => 0, "warnings" => 0 ); unless ( eval { ExtUtils::MakeMaker->VERSION(6.63_03) } ) { delete $WriteMakefileArgs{TEST_REQUIRES}; delete $WriteMakefileArgs{BUILD_REQUIRES}; $WriteMakefileArgs{PREREQ_PM} = \%FallbackPrereqs; } delete $WriteMakefileArgs{CONFIGURE_REQUIRES} unless eval { ExtUtils::MakeMaker->VERSION(6.52) }; WriteMakefile(%WriteMakefileArgs); author000755001750001750 015203330604 14655 5ustar00rrrr000000000000Crypt-SaltedHash-0.11/xteof.t100644001750001750 43715203330604 15737 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/xt/authoruse strict; use warnings; use Test::More; # Generated by Dist::Zilla::Plugin::Test::EOF 0.0600 eval "use Test::EOF"; plan skip_all => 'Test::EOF required to test for correct end of file flag' if $@; all_perl_files_ok({ minimum_newlines => 1, maximum_newlines => 4 }); done_testing(); release000755001750001750 015203330604 14773 5ustar00rrrr000000000000Crypt-SaltedHash-0.11/xtfixme.t100644001750001750 17615203330604 16414 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/xt/release#!perl # This test is generated by Dist::Zilla::Plugin::Test::Fixme use strict; use warnings; use Test::Fixme; run_tests(); no-tabs.t100644001750001750 54215203330604 16526 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/xt/authoruse strict; use warnings; # this test was generated with Dist::Zilla::Plugin::Test::NoTabs 0.15 use Test::More 0.88; use Test::NoTabs; my @files = ( 'lib/Crypt/SaltedHash.pm', 't/00-report-prereqs.dd', 't/00-report-prereqs.t', 't/04Crypt-SaltedHash.t', 't/bug-localize-regex-vars.t' ); notabs_ok($_) foreach @files; done_testing; t000755001750001750 015203330604 13163 5ustar00rrrr000000000000Crypt-SaltedHash-0.1100-report-prereqs.t100644001750001750 1362515203330604 16746 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/t#!perl use strict; use warnings; # This test was generated by Dist::Zilla::Plugin::Test::ReportPrereqs 0.029 use Test::More tests => 1; use Module::Metadata; use File::Spec; # from $version::LAX my $lax_version_re = qr/(?: undef | (?: (?:[0-9]+) (?: \. | (?:\.[0-9]+) (?:_[0-9]+)? )? | (?:\.[0-9]+) (?:_[0-9]+)? ) | (?: v (?:[0-9]+) (?: (?:\.[0-9]+)+ (?:_[0-9]+)? )? | (?:[0-9]+)? (?:\.[0-9]+){2,} (?:_[0-9]+)? ) )/x; # hide optional CPAN::Meta modules from prereq scanner # and check if they are available my $cpan_meta = "CPAN::Meta"; my $cpan_meta_pre = "CPAN::Meta::Prereqs"; my $HAS_CPAN_META = eval "require $cpan_meta; $cpan_meta->VERSION('2.120900')" && eval "require $cpan_meta_pre"; ## no critic # Verify requirements? my $DO_VERIFY_PREREQS = 1; sub _max { my $max = shift; $max = ( $_ > $max ) ? $_ : $max for @_; return $max; } sub _merge_prereqs { my ($collector, $prereqs) = @_; # CPAN::Meta::Prereqs object if (ref $collector eq $cpan_meta_pre) { return $collector->with_merged_prereqs( CPAN::Meta::Prereqs->new( $prereqs ) ); } # Raw hashrefs for my $phase ( keys %$prereqs ) { for my $type ( keys %{ $prereqs->{$phase} } ) { for my $module ( keys %{ $prereqs->{$phase}{$type} } ) { $collector->{$phase}{$type}{$module} = $prereqs->{$phase}{$type}{$module}; } } } return $collector; } my @include = qw( ); my @exclude = qw( ); # Add static prereqs to the included modules list my $static_prereqs = do './t/00-report-prereqs.dd'; # Merge all prereqs (either with ::Prereqs or a hashref) my $full_prereqs = _merge_prereqs( ( $HAS_CPAN_META ? $cpan_meta_pre->new : {} ), $static_prereqs ); # Add dynamic prereqs to the included modules list (if we can) my ($source) = grep { -f } 'MYMETA.json', 'MYMETA.yml'; my $cpan_meta_error; if ( $source && $HAS_CPAN_META && (my $meta = eval { CPAN::Meta->load_file($source) } ) ) { $full_prereqs = _merge_prereqs($full_prereqs, $meta->prereqs); } else { $cpan_meta_error = $@; # capture error from CPAN::Meta->load_file($source) $source = 'static metadata'; } my @full_reports; my @dep_errors; my $req_hash = $HAS_CPAN_META ? $full_prereqs->as_string_hash : $full_prereqs; # Add static includes into a fake section for my $mod (@include) { $req_hash->{other}{modules}{$mod} = 0; } for my $phase ( qw(configure build test runtime develop other) ) { next unless $req_hash->{$phase}; next if ($phase eq 'develop' and not $ENV{AUTHOR_TESTING}); for my $type ( qw(requires recommends suggests conflicts modules) ) { next unless $req_hash->{$phase}{$type}; my $title = ucfirst($phase).' '.ucfirst($type); my @reports = [qw/Module Want Have/]; for my $mod ( sort keys %{ $req_hash->{$phase}{$type} } ) { next if grep { $_ eq $mod } @exclude; my $want = $req_hash->{$phase}{$type}{$mod}; $want = "undef" unless defined $want; $want = "any" if !$want && $want == 0; if ($mod eq 'perl') { push @reports, ['perl', $want, $]]; next; } my $req_string = $want eq 'any' ? 'any version required' : "version '$want' required"; my $file = $mod; $file =~ s{::}{/}g; $file .= ".pm"; my ($prefix) = grep { -e File::Spec->catfile($_, $file) } @INC; if ($prefix) { my $have = Module::Metadata->new_from_file( File::Spec->catfile($prefix, $file) )->version; $have = "undef" unless defined $have; push @reports, [$mod, $want, $have]; if ( $DO_VERIFY_PREREQS && $HAS_CPAN_META && $type eq 'requires' ) { if ( $have !~ /\A$lax_version_re\z/ ) { push @dep_errors, "$mod version '$have' cannot be parsed ($req_string)"; } elsif ( ! $full_prereqs->requirements_for( $phase, $type )->accepts_module( $mod => $have ) ) { push @dep_errors, "$mod version '$have' is not in required range '$want'"; } } } else { push @reports, [$mod, $want, "missing"]; if ( $DO_VERIFY_PREREQS && $type eq 'requires' ) { push @dep_errors, "$mod is not installed ($req_string)"; } } } if ( @reports ) { push @full_reports, "=== $title ===\n\n"; my $ml = _max( map { length $_->[0] } @reports ); my $wl = _max( map { length $_->[1] } @reports ); my $hl = _max( map { length $_->[2] } @reports ); if ($type eq 'modules') { splice @reports, 1, 0, ["-" x $ml, "", "-" x $hl]; push @full_reports, map { sprintf(" %*s %*s\n", -$ml, $_->[0], $hl, $_->[2]) } @reports; } else { splice @reports, 1, 0, ["-" x $ml, "-" x $wl, "-" x $hl]; push @full_reports, map { sprintf(" %*s %*s %*s\n", -$ml, $_->[0], $wl, $_->[1], $hl, $_->[2]) } @reports; } push @full_reports, "\n"; } } } if ( @full_reports ) { diag "\nVersions for all modules listed in $source (including optional ones):\n\n", @full_reports; } if ( $cpan_meta_error || @dep_errors ) { diag "\n*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ***\n"; } if ( $cpan_meta_error ) { my ($orig_source) = grep { -f } 'MYMETA.json', 'MYMETA.yml'; diag "\nCPAN::Meta->load_file('$orig_source') failed with: $cpan_meta_error\n"; } if ( @dep_errors ) { diag join("\n", "\nThe following REQUIRED prerequisites were not satisfied:\n", @dep_errors, "\n" ); } pass('Reported prereqs'); # vim: ts=4 sts=4 sw=4 et: 04Crypt-SaltedHash.t100644001750001750 324715203330604 17001 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/t# Before `make install' is performed this script should be runnable with # `make test'. After `make install' it should work as `perl Crypt-SaltedHash.t' ######################### # change 'tests => 1' to 'tests => last_test_to_print'; use strict; use Test::More tests => 6; BEGIN { use_ok('Crypt::SaltedHash') } ######################### my ( $csh, $salted, $valid ); my %known_salts = ( 'MD5' => '{SMD5}vfwtsKpZn1kZ5WXDKCFqUTEyMzQ=', # 'SHA-1' => '{SSHA}kRnWqCDFvZFoV7A6cTGBdq1Xv7cxMjM0', ); foreach my $alg (keys %known_salts) { $csh = Crypt::SaltedHash->new( algorithm => $alg ); $csh->add('secret'); $salted = $csh->generate; $valid = Crypt::SaltedHash->validate( $salted, 'secret' ); ok( $valid, "$alg: default test" ); $csh = Crypt::SaltedHash->new( algorithm => $alg, salt_len => 32 ); $csh->add('secret'); $salted = $csh->generate; $valid = Crypt::SaltedHash->validate( $salted, 'secret', 32 ); ok( $valid, "$alg: salt_len test" ); $csh = Crypt::SaltedHash->new( algorithm => $alg ); $csh->add('secret'); $salted = $csh->generate; $csh->add('secret'); $salted = $csh->generate; $valid = Crypt::SaltedHash->validate( $salted, 'secretsecret' ); ok( $valid, "$alg: generate test" ); $csh = Crypt::SaltedHash->new( algorithm => $alg, salt => '1234' ); $csh->add('secret'); ok( $csh->generate eq $known_salts{$alg}, "$alg: own bin-salt test" ); $csh = Crypt::SaltedHash->new( algorithm => $alg, salt => 'HEX{31323334}' ); $csh->add('secret'); ok( $csh->generate eq $known_salts{$alg}, "$alg: own hex-salt test" ); } 00-report-prereqs.dd100644001750001750 403015203330604 17040 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/tdo { my $x = { 'configure' => { 'requires' => { 'ExtUtils::MakeMaker' => '0' } }, 'develop' => { 'requires' => { 'Dist::Zilla::Plugin::UsefulReadme' => 'v0.4.3', 'Pod::Simple::Text' => '3.23', 'Test::CleanNamespaces' => '0.15', 'Test::DistManifest' => '0', 'Test::EOF' => '0', 'Test::Fixme' => '0', 'Test::MinimumVersion' => '0', 'Test::More' => '0.94', 'Test::NoTabs' => '0', 'Test::Pod' => '1.41', 'warnings' => '0' } }, 'runtime' => { 'requires' => { 'Crypt::SysRandom' => '0', 'Digest' => '0', 'MIME::Base64' => '0', 'POSIX' => '0', 'perl' => 'v5.6.0', 'strict' => '0' } }, 'test' => { 'recommends' => { 'CPAN::Meta' => '2.120900' }, 'requires' => { 'File::Spec' => '0', 'Module::Metadata' => '0', 'Test::Fatal' => '0', 'Test::More' => '0', 'warnings' => '0' } } }; $x; }pod-syntax.t100644001750001750 25115203330604 17266 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/xt/author#!perl # This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests use strict; use warnings; use Test::More; use Test::Pod 1.41; all_pod_files_ok(); Crypt000755001750001750 015203330604 14567 5ustar00rrrr000000000000Crypt-SaltedHash-0.11/libSaltedHash.pm100644001750001750 3225415203330604 17333 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/lib/Cryptpackage Crypt::SaltedHash; use v5.6.0; use strict; use Crypt::SysRandom (); use Digest (); use MIME::Base64 (); use POSIX (); our $VERSION = '0.11'; =encoding latin1 =head1 NAME Crypt::SaltedHash - Perl interface to functions that assist in working with salted hashes. =head1 SYNOPSIS use Crypt::SaltedHash; my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-1'); $csh->add('secret'); my $salted = $csh->generate; my $valid = Crypt::SaltedHash->validate($salted, 'secret'); =head1 STATUS This module is deprecated. This module has not had significant updates since 2006. There are newer modules that support more secure algorithms and hashing options, and are extensible, such as L. =head1 DESCRIPTION The C module provides an object oriented interface to create salted (or seeded) hashes of clear text data. The original formalization of this concept comes from RFC-3112 and is extended by the use of different digital algorithms. =head1 ABSTRACT =head2 Setting the data The process starts with 2 elements of data: =over =item * a clear text string (this could represent a password for instance). =item * the salt, a random seed of data. This is the value used to augment a hash in order to ensure that 2 hashes of identical data yield different output. =back For the purposes of this abstract we will analyze the steps within code that perform the necessary actions to achieve the endresult hashes. Cryptographers call this hash a digest. We will not however go into an explanation of a one-way encryption scheme. Readers of this abstract are encouraged to get information on that subject by their own. Theoretically, an implementation of a one-way function as an algorithm takes input, and provides output, that are both in binary form; realistically though digests are typically encoded and stored in a database or in a flat text or XML file. Take slappasswd5 for instance, it performs the exact functionality described above. We will use it as a black box compiled piece of code for our analysis. In pseudocode we generate a salted hash as follows: Get the source string and salt as separate binary objects Concatenate the 2 binary values Hash the concatenation into SaltedPasswordHash Base64Encode(concat(SaltedPasswordHash, Salt)) We take a clear text string and hash this into a binary object representing the hashed value of the clear text string plus the random salt. Then we have the Salt value, which are typically 4 bytes of purely random binary data represented as hexadecimal notation (Base16 as 8 bytes). Using SHA-1 as the hashing algorithm, SaltedPasswordHash is of length 20 (bytes) in raw binary form (40 bytes if we look at it in hex). Salt is then 4 bytes in raw binary form. The SHA-1 algorithm generates a 160 bit hash string. Consider that 8 bits = 1 byte. So 160 bits = 20 bytes, which is exactly what the algorithm gives us. The Base64 encoding of the binary result looks like: {SSHA}B0O0XSYdsk7g9K229ZEr73Lid7HBD9DX Take note here that the final output is a 32-byte string of data. The Base64 encoding process uses bit shifting, masking, and padding as per RFC-3548. A couple of examples of salted hashes using on the same exact clear-text string: slappasswd -s testing123 {SSHA}72uhy5xc1AWOLwmNcXALHBSzp8xt4giL slappasswd -s testing123 {SSHA}zmIAVaKMmTngrUi4UlS0dzYwVAbfBTl7 slappasswd -s testing123 {SSHA}Be3F12VVvBf9Sy6MSqpOgAdEj6JCZ+0f slappasswd -s testing123 {SSHA}ncHs4XYmQKJqL+VuyNQzQjwRXfvu6noa 4 runs of slappasswd against the same clear text string each yielded unique endresult hashes. The random salt is generated silently and never made visible. =head2 Extracting the data One of the keys to note is that the salt is dealt with twice in the process. It is used once for the actual application of randomness to the given clear text string, and then it is stored within the final output as purely Base64 encoded data. In order to perform an authentication query for instance, we must break apart the concatenation that was created for storage of the data. We accomplish this by splitting up the binary data we get after Base64 decoding the stored hash. In pseudocode we would perform the extraction and verification operations as such: Strip the hash identifier from the Digest Base64Decode(Digest, 20) Split Digest into 2 byte arrays, one for bytes 0 � 20(pwhash), one for bytes 21 � 32 (salt) Get the target string and salt as separate binary object Concatenate the 2 binary values SHA hash the concatenation into targetPasswordHash Compare targetPasswordHash with pwhash Return corresponding Boolean value Our job is to split the original digest up into 2 distinct byte arrays, one of the left 20 (0 - 20 including the null terminator) bytes and the other for the rest of the data. The left 0 � 20 bytes will represent the salted binary value we will use for a byte-by-byte data match against the new clear text presented for verification. The string presented for verification will have to be salted as well. The rest of the bytes (21 � 32) represent the random salt which when decoded will show the exact hex characters that make up the once randomly generated seed. We are now ready to verify some data. Let's start with the 4 hashes presented earlier. We will run them through our code to extract the random salt and then using that verify the clear text string hashed by slappasswd. First, let's do a verification test with an erroneous password; this should fail the matching test: {SSHA}72uhy5xc1AWOLwmNcXALHBSzp8xt4giL Test123 Hash extracted (in hex): ef6ba1cb9c5cd4058e2f098d71700b1c14b3a7cc Salt extracted (in hex): 6de2088b Hash length is: 20 Salt length is: 4 Hash presented in hex: 256bc48def0ce04b0af90dfd2808c42588bf9542 Hashes DON'T match: Test123 The match failure test was successful as expected. Now let's use known valid data through the same exact code: {SSHA}72uhy5xc1AWOLwmNcXALHBSzp8xt4giL testing123 Hash extracted (in hex): ef6ba1cb9c5cd4058e2f098d71700b1c14b3a7cc Salt extracted (in hex): 6de2088b Hash length is: 20 Salt length is: 4 Hash presented in hex: ef6ba1cb9c5cd4058e2f098d71700b1c14b3a7cc Hashes match: testing123 The process used for salted passwords should now be clear. We see that salting hashed data does indeed add another layer of security to the clear text one-way hashing process. But we also see that salted hashes should also be protected just as if the data was in clear text form. Now that we have seen salted hashes actually work you should also realize that in code it is possible to extract salt values and use them for various purposes. Obviously the usage can be on either side of the colored hat line, but the data is there. =head1 METHODS =over 4 =item B Returns a new Crypt::SaltedHash object. Possible keys for I<%options> are: =over =item * I: It's also possible to use common string representations of the algorithm (e.g. "sha256", "SHA-384"). If the argument is missing, SHA-1 will be used by default. =item * I: You can specify your on salt. You can either specify it as a sequence of characters or as a hex encoded string of the form "HEX{...}". If the argument is missing, a random seed is provided for you (recommended). =item * I: By default, the module assumes a salt length of 4 bytes (or 8, if it is encoded in hex). If you choose a different length, you have to tell the I function how long your seed was. =back =cut sub new { my ( $class, %options ) = @_; $options{algorithm} ||= 'SHA-1'; $options{salt_len} ||= 4; $options{salt} ||= &__generate_hex_salt( $options{salt_len} * 2 ); $options{algorithm} = uc( $options{algorithm} ); $options{algorithm} .= '-1' if $options{algorithm} =~ m!SHA$!; # SHA => SHA-1, HMAC-SHA => HMAC-SHA-1 my $digest = Digest->new( $options{algorithm} ); my $self = { salt => $options{salt}, algorithm => $options{algorithm}, digest => $digest, scheme => &__make_scheme( $options{algorithm} ), }; return bless $self, $class; } =item B Logically joins the arguments into a single string, and uses it to update the current digest state. For more details see L. =cut sub add { my $self = shift; $self->obj->add(@_); return $self; } =item B Resets the digest. =cut sub clear { my $self = shift; $self->{digest} = Digest->new( $self->{algorithm} ); return $self; } =item B Returns the salt in binary form. =cut sub salt_bin { my $self = shift; return $self->{salt} =~ m!^HEX\{(.*)\}$!i ? pack( "H*", $1 ) : $self->{salt}; } =item B Returns the salt in hexadecimal form ('HEX{...}') =cut sub salt_hex { my $self = shift; return $self->{salt} =~ m!^HEX\{(.*)\}$!i ? $self->{salt} : 'HEX{' . join( '', unpack( 'H*', $self->{salt} ) ) . '}'; } =item B Generates the seeded hash. Uses the I-method of L before actually performing the digest calculation, so adding more cleardata after a call of I to an instance of I has the same effect as adding the data before the call of I. =cut sub generate { my $self = shift; my $clone = $self->obj->clone; my $salt = $self->salt_bin; $clone->add($salt); my $gen = &MIME::Base64::encode_base64( $clone->digest . $salt, '' ); my $scheme = $self->{scheme}; return "{$scheme}$gen"; } =item B Validates a hasheddata previously generated against cleardata. I<$salt_len> defaults to 4 if not set. Returns 1 if the validation is successful, 0 otherwise. =cut sub validate { my ( undef, $hasheddata, $cleardata, $salt_len ) = @_; # trim white-spaces $hasheddata =~ s!^\s+!!; $hasheddata =~ s!\s+$!!; my $scheme = &__get_pass_scheme($hasheddata); $scheme = uc( $scheme ) if $scheme; my $algorithm = &__make_algorithm($scheme); my $hash = &__get_pass_hash($hasheddata) || ''; my $salt = &__extract_salt( $hash, $salt_len ); my $obj = __PACKAGE__->new( algorithm => $algorithm, salt => $salt, salt_len => $salt_len ); $obj->add($cleardata); my $gen_hasheddata = $obj->generate; my $gen_hash = &__get_pass_hash($gen_hasheddata); return _secure_compare( $gen_hash, $hash ); } =item B Returns a handle to L object. =cut sub obj { return shift->{digest}; } =back =head1 FUNCTIONS I =cut sub __make_scheme { my $scheme = shift; my @parts = split /-/, $scheme; pop @parts if $parts[-1] eq '1'; # SHA-1 => SHA $scheme = join '', @parts; return uc("S$scheme"); } sub __make_algorithm { my ( $algorithm ) = @_; $algorithm ||= ''; local $1; if ( $algorithm =~ m!^S(.*)$! ) { $algorithm = $1; # print STDERR "algorithm: $algorithm\n"; if ( $algorithm =~ m!([a-zA-Z]+)([0-9]+)! ) { my $name = uc($1); my $digits = $2; # print STDERR "name: $name\n"; # print STDERR "digits: $digits\n"; $name = "HMAC-$2" if $name =~ m!^HMAC(.*)$!; # HMAC-SHA-1 $digits = "-$digits" unless $name =~ m!MD$!; # MD2, MD4, MD5 $algorithm = "$name$digits"; } } return $algorithm; } sub __get_pass_scheme { local $1; return unless $_[0] =~ m/{([^}]*)/; return $1; } sub __get_pass_hash { local $1; return unless $_[0] =~ m/}(.*)/; return $1; } sub __generate_hex_salt { my $length = shift || 8; my $salt = substr( unpack( "h*", Crypt::SysRandom::random_bytes( POSIX::ceil( $length / 2 ) ) ), 0, $length ); return "HEX{$salt}"; } sub __extract_salt { my ( $hash, $salt_len ) = @_; my $binhash = &MIME::Base64::decode_base64($hash); my $binsalt = substr( $binhash, length($binhash) - ( $salt_len || 4 ) ); return $binsalt; } sub _secure_compare { my ($left, $right) = @_; my $res = length $left != length $right; $right = $left if $res; $res |= ord(substr $left, $_, 1) ^ ord(substr $right, $_, 1) for 0 .. length($left) - 1; return $res == 0; } =head1 SEE ALSO L, L =head1 AUTHOR Sascha Kiefer, The current maintainer is Robert Rothenberg =head1 ACKNOWLEDGMENTS The author is particularly grateful to Andres Andreu for his article: Salted hashes demystified - A Primer (L) =head1 COPYRIGHT AND LICENSE Copyright (C) 2005-2006, 2010, 2013, 2026 Sascha Kiefer This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. =cut 1; dist-manifest.t100644001750001750 12215203330604 20042 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/xt/releaseuse strict; use warnings; use Test::More; use Test::DistManifest; manifest_ok(); bug-localize-regex-vars.t100644001750001750 107615203330604 20152 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/tuse strict; use warnings; use Test::More; use Crypt::SaltedHash; use Test::Fatal; my $string = "+++linux"; $string =~ m/[+]*(.*)/; is $1, 'linux', '$1 set to "linux"'; my $stored_password = '$PBKDF2$HMACSHA1:1000:bHV4ZW1idXJna0tB4/Lo9MtMLaGHOtY9ig==$sUKYw9mZ66E8fLL2w01Rq2EotiY='; my $password = 'somepw'; my $return; my $lives = exception { $return = Crypt::SaltedHash->validate( $stored_password, $password, undef ) }; is $lives, undef, 'validate() lived even through non-match and $1 already set!'; ok !$return, 'validate() returns false properly'; done_testing; minimum-version.t100644001750001750 15415203330604 20320 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/xt/authoruse strict; use warnings; use Test::More; use Test::MinimumVersion; all_minimum_version_from_metayml_ok(); clean-namespaces.t100644001750001750 36115203330604 20361 0ustar00rrrr000000000000Crypt-SaltedHash-0.11/xt/authoruse strict; use warnings; # this test was generated with Dist::Zilla::Plugin::Test::CleanNamespaces 0.006 use Test::More 0.94; use Test::CleanNamespaces 0.15; subtest all_namespaces_clean => sub { all_namespaces_clean() }; done_testing;