Passphrases using the mysql v4.1 algorithm
use Authen::Passphrase::MySQL41;
$ppr = Authen::Passphrase::MySQL41->new(
hash_hex => "9CD12C48C4C5DD62914B".
"3FABB93131746E9E9115");
$ppr = Authen::Passphrase::MySQL41->new(
passphrase => "passphrase");
$hash = $ppr->hash;
$hash_hex = $ppr->hash_hex;
if($ppr->match($passphrase)) { ...
An object of this class encapsulates a passphrase hashed using the algorithm used by MySQL from version 4.1. This is a subclass of Authen::Passphrase, and this document assumes that the reader is familiar with the documentation for that class.
The MySQL v4.1 hash scheme is based on the \s-1SHA-1\s0 digest algorithm. The passphrase is first hashed using \s-1SHA-1\s0, then the output of that stage is hashed using \s-1SHA-1\s0 again. The final hash is the output of the second \s-1SHA-1\s0. No salt is used.
In MySQL the hash is represented as a "*" followed by 40 uppercase hexadecimal digits.
The lack of salt is a weakness in this scheme. Salted \s-1SHA-1\s0 is a better scheme; see Authen::Passphrase::SaltedDigest.
Generates a new passphrase recogniser object using the MySQL v4.1 algorithm. The following attributes may be given:
The hash, as a string of 20 bytes.
The hash, as a string of 40 hexadecimal digits.
A passphrase that will be accepted.
Either the hash or the passphrase must be given.
Returns the hash value, as a string of 20 bytes. Returns the hash value, as a string of 40 uppercase hexadecimal digits. This method is part of the standard Authen::Passphrase interface.
Authen::Passphrase, Digest::SHA
Andrew Main (Zefram) <[email protected]>
Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram) <[email protected]>
This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.