UAI_C_AD_II
UAI_C_PURDY
UAI_C_PURDY_V
UAI_C_PURDY_S
These constants are used to identify the four password hashing algorithms used by VMS. They are the
"UAI$C_" constants in VMS.
"UAI_C_AD_II" refers to a 32-bit CRC algorithm. The CRC polynomial used is the IEEE CRC-32
polynomial, as used in Ethernet, and in this context is known as "AUTODIN-II". The hash is merely
the CRC of the password.
"UAI_C_PURDY", "UAI_C_PURDY_V", and "UAI_C_PURDY_S" refer to successive refinements of an algorithm
based on Purdy polynomials. All of these algorithms use the salt and username parameters as salt,
use the whole password, and return an eight-byte (64-bit) hash. The main part of the algorithm, the
Purdy polynomial, is identical in all three. They differ in the pre-hashing, particularly in the
treatment of the username parameter.
In "UAI_C_PURDY" the username is truncated or space-padded to 12 characters before being hashed in.
"UAI_C_PURDY_V" accepts a variable-length username. "UAI_C_PURDY_S" accepts a variable-length
username and also includes the password length in the hash. "UAI_C_PURDY_S" also does some extra bit
rotations when hashing in the username and password strings, in order to avoid aliasing.
lgi_hpwd(USERNAME, PASSWORD, ALGORITHM, SALT)
This is the "SYS$HASH_PASSWORD" function from VMS (also known as "LGI$HPWD"), but with the parameters
in a different order. It hashes the PASSWORD string in a manner determined by the other parameters,
and returns the hash as a string of bytes.
ALGORITHM determines which hashing algorithm will be used. It must be the value of one of the
algorithm constants supplied by this module (see above).
SALT must be an integer in the range [0, 2^16). It modifies the hashing so that the same password
does not always produce the same hash.
USERNAME is a string that is used as more salt. In VMS it is the username of the account to which
the password controls access.
VMS usernames and passwords are constrained in character set and length, and are case-insensitive.
This function does not enforce these restrictions, nor perform canonicalisation. If restrictions and
canonicalisation are desired then they must be applied separately. The functions "vms_username" and
"vms_password" described below may be useful.
vms_username(USERNAME)
Checks whether the USERNAME string matches VMS username syntax, and canonicalises it. VMS username
syntax is 1 to 31 characters from case-insensitive alphanumerics, "_", and "$". If the string has
correct username syntax then the username is returned in canonical form (uppercase). If the string
is not a username then "undef" is returned.
vms_password(PASSWORD)
Checks whether the PASSWORD string is an acceptable VMS password, and canonicalises it. VMS password
syntax is 1 to 32 characters from case-insensitive alphanumerics, "_", and "$". If the string is an
acceptable password then the password is returned in canonical form (uppercase). If the string is
not an acceptable password then "undef" is returned.