… | |
… | |
36 | sub hash_pw($) { |
36 | sub hash_pw($) { |
37 | # we primarily want to protect the password itself, and |
37 | # we primarily want to protect the password itself, and |
38 | # secondarily want to protect us against pre-image attacks. |
38 | # secondarily want to protect us against pre-image attacks. |
39 | # we don't want to overdo it, to keep implementation simple. |
39 | # we don't want to overdo it, to keep implementation simple. |
40 | |
40 | |
41 | my $pw = shift; |
41 | my $pass = substr shift, 0, 512 / 8; |
42 | |
42 | |
43 | for (0..9) { |
43 | my $hash; # first iteration is just dgst $pass |
44 | $pw = "deliantrakdf$_$pw" x 32; |
|
|
45 | $pw = dgst $pw; |
|
|
46 | } |
|
|
47 | |
44 | |
48 | $pw |
45 | $hash = dgst $hash ^ $pass |
|
|
46 | for 0..9999; |
|
|
47 | |
|
|
48 | $hash |
49 | } |
49 | } |
50 | |
50 | |
51 | =item Deliantra::Util::auth_pw $hash, $nonce1, $nonce2 |
51 | =item Deliantra::Util::auth_pw $hash, $nonce1, $nonce2 |
52 | |
52 | |
53 | Authenticates a (hashed) password using the given nonce. |
53 | Authenticates a (hashed) password using the given nonce. |