Crypt::SmbHash - Perl-only implementation of lanman and nt md4 hash functions,
for use in Samba style smbpasswd entries
use Crypt::SmbHash;
ntlmgen SCALAR, LMSCALAR, NTSCALAR;
This module generates Lanman and NT MD4 style password hashes, using perl-only
code for portability. The module aids in the administration of Samba style
systems.
In the Samba distribution, authentication is referred to a private smbpasswd
file. Entries have similar forms to the following:
username:unixuid:LM:NT
Where LM and NT are one-way password hashes of the same password.
ntlmgen generates the hashes given in the first argument, and places the result
in the second and third arguments.
Example: To generate a smbpasswd entry:
#!/usr/local/bin/perl
use Crypt::SmbHash;
$username = $ARGV[0];
$password = $ARGV[1];
if ( !$password ) {
print "Not enough arguments\n";
print "Usage: $0 username password\n";
exit 1;
}
$uid = (getpwnam($username))[2];
my ($login,undef,$uid) = getpwnam($ARGV[0]);
ntlmgen $password, $lm, $nt;
printf "%s:%d:%s:%s:[%-11s]:LCT-%08X\n", $login, $uid, $lm, $nt, "U", time;
ntlmgen returns returns the hash values in a list context, so the alternative
method of using it is:
( $lm, $nt ) = ntlmgen $password;
The functions lmhash and nthash are used by ntlmgen to generate the hashes, and
are available when requested:
use Crypt::SmbHash qw(lmhash nthash)
$lm = lmhash($pass);
$nt = nthash($pass);
If Encoding is available (part of perl-5.8) the $pass argument to ntlmgen,
lmhash and nthash must be a perl string. In double use this:
use Crypt::SmbHash qw(ntlmgen lmhash nthash);
use Encode;
( $lm, $nt ) = ntlmgen decode('iso-8859-1', $pass);
$lm = lmhash(decode_utf8($pass), $pwenc);
$nt = nthash(decode_utf8($pass));
The $pwenc parameter to
lmhash() is optional and defaults to
'iso-8859-1'. It specifies the encoding to which the password is encoded
before hashing.
The algorithm used in nthash requires the md4 algorithm. This algorithm is
included in this module for completeness, but because it is written in
all-perl code ( rather than in C ), it's not very quick.
However if you have the Digest::MD4 module installed, Crypt::SmbHash will try to
use that module instead, making it much faster.
A simple test compared calling nthash without Digest::MD4 installed, and with,
this showed that using nthash on a system with Digest::MD4 installed proved to
be over 90 times faster.
Ported from Samba by Benjamin Kuit <lt>
[email protected]<gt>.
Samba is Copyright(C) Andrew Tridgell 1997-1998
Because this module is a direct port of code within the Samba distribution, it
follows the same license, that is:
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.