apache-md5
Advanced tools
Comparing version 1.1.5 to 1.1.6
{ | ||
"name": "apache-md5", | ||
"description": "Node.js module for Apache style password encryption using md5.", | ||
"version": "1.1.5", | ||
"version": "1.1.6", | ||
"author": "Gevorg Harutyunyan (http://github.com/gevorg)", | ||
@@ -12,6 +12,6 @@ "maintainers": [ | ||
], | ||
"homepage": "http://github.com/http-auth/apache-md5", | ||
"homepage": "http://github.com/gevorg/apache-md5", | ||
"repository": { | ||
"type": "git", | ||
"url": "http://github.com/http-auth/apache-md5.git" | ||
"url": "http://github.com/gevorg/apache-md5.git" | ||
}, | ||
@@ -22,3 +22,3 @@ "main": "./src/index.js", | ||
"type": "MIT", | ||
"url": "http://github.com/http-auth/apache-md5/blob/master/LICENSE" | ||
"url": "http://github.com/gevorg/apache-md5/blob/master/LICENSE" | ||
} | ||
@@ -28,3 +28,3 @@ ], | ||
"bugs": { | ||
"url": "http://github.com/http-auth/apache-md5/issues" | ||
"url": "http://github.com/gevorg/apache-md5/issues" | ||
}, | ||
@@ -34,4 +34,7 @@ "devDependencies": { | ||
"eslint": "^6.8.0", | ||
"eslint-config-prettier": "^6.10.0", | ||
"eslint-plugin-node": "^11.0.0", | ||
"mocha": "^7.0.1" | ||
"eslint-plugin-prettier": "^3.1.2", | ||
"mocha": "^7.0.1", | ||
"prettier": "^1.19.1" | ||
}, | ||
@@ -38,0 +41,0 @@ "engines": { |
# apache-md5 | ||
[Node.js](http://nodejs.org/) package for Apache style password encryption using md5.. | ||
[Node.js](http://nodejs.org/) package for Apache style password encryption using md5. | ||
[![build](https://github.com/http-auth/apache-md5/workflows/build/badge.svg)](https://github.com/http-auth/apache-md5/actions?query=workflow%3Abuild) | ||
[![build](https://github.com/gevorg/apache-md5/workflows/build/badge.svg)](https://github.com/gevorg/apache-md5/actions/workflows/build.yml) | ||
@@ -11,3 +11,3 @@ ## Installation | ||
```bash | ||
$ git clone git://github.com/http-auth/apache-md5.git | ||
$ git clone git://github.com/gevorg/apache-md5.git | ||
``` | ||
@@ -42,32 +42,4 @@ Via [npm](http://npmjs.org/): | ||
## Issues | ||
You can find list of issues using **[this link](http://github.com/http-auth/apache-md5/issues)**. | ||
## Requirements | ||
- **[Node.js](http://nodejs.org)** - Event-driven I/O server-side JavaScript environment based on V8. | ||
- **[npm](http://npmjs.org)** - Package manager. Installs, publishes and manages node programs. | ||
## License | ||
The MIT License (MIT) | ||
Copyright (c) Gevorg Harutyunyan | ||
Permission is hereby granted, free of charge, to any person obtaining a copy of | ||
this software and associated documentation files (the "Software"), to deal in | ||
the Software without restriction, including without limitation the rights to | ||
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of | ||
the Software, and to permit persons to whom the Software is furnished to do so, | ||
subject to the following conditions: | ||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS | ||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR | ||
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER | ||
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | ||
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||
The MIT License (MIT) |
177
src/index.js
"use strict"; | ||
// Crypto module import. | ||
const crypto = require('crypto'); | ||
const crypto = require("crypto"); | ||
// Hash generation string. | ||
const itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; | ||
const itoa64 = | ||
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; | ||
// To 64 bit version. | ||
function to64(index, count) { | ||
let result = ''; | ||
let result = ""; | ||
while (--count >= 0) { // Result char count. | ||
result += itoa64[index & 63]; // Get corresponding char. | ||
index = index >> 6; // Move to next one. | ||
} | ||
while (--count >= 0) { | ||
// Result char count. | ||
result += itoa64[index & 63]; // Get corresponding char. | ||
index = index >> 6; // Move to next one. | ||
} | ||
return result; | ||
return result; | ||
} | ||
@@ -23,15 +25,16 @@ | ||
function getSalt(inputSalt) { | ||
let salt = ''; | ||
let salt = ""; | ||
if (inputSalt) { | ||
// Remove $apr1$ token and extract salt. | ||
salt = inputSalt.split('$')[2]; | ||
} else { | ||
while(salt.length < 8) { // Random 8 chars. | ||
let rchIndex = Math.floor((Math.random() * 64)); | ||
salt += itoa64[rchIndex]; | ||
} | ||
if (inputSalt) { | ||
// Remove $apr1$ token and extract salt. | ||
salt = inputSalt.split("$")[2]; | ||
} else { | ||
while (salt.length < 8) { | ||
// Random 8 chars. | ||
let rchIndex = Math.floor(Math.random() * 64); | ||
salt += itoa64[rchIndex]; | ||
} | ||
} | ||
return salt; | ||
return salt; | ||
} | ||
@@ -41,13 +44,38 @@ | ||
function getPassword(final) { | ||
// Encrypted pass. | ||
let epass = ''; | ||
// Encrypted pass. | ||
let epass = ""; | ||
epass += to64((final.charCodeAt(0) << 16) | (final.charCodeAt(6) << 8) | final.charCodeAt(12), 4); | ||
epass += to64((final.charCodeAt(1) << 16) | (final.charCodeAt(7) << 8) | final.charCodeAt(13), 4); | ||
epass += to64((final.charCodeAt(2) << 16) | (final.charCodeAt(8) << 8) | final.charCodeAt(14), 4); | ||
epass += to64((final.charCodeAt(3) << 16) | (final.charCodeAt(9) << 8) | final.charCodeAt(15), 4); | ||
epass += to64((final.charCodeAt(4) << 16) | (final.charCodeAt(10) << 8) | final.charCodeAt(5), 4); | ||
epass += to64(final.charCodeAt(11), 2); | ||
epass += to64( | ||
(final.charCodeAt(0) << 16) | | ||
(final.charCodeAt(6) << 8) | | ||
final.charCodeAt(12), | ||
4 | ||
); | ||
epass += to64( | ||
(final.charCodeAt(1) << 16) | | ||
(final.charCodeAt(7) << 8) | | ||
final.charCodeAt(13), | ||
4 | ||
); | ||
epass += to64( | ||
(final.charCodeAt(2) << 16) | | ||
(final.charCodeAt(8) << 8) | | ||
final.charCodeAt(14), | ||
4 | ||
); | ||
epass += to64( | ||
(final.charCodeAt(3) << 16) | | ||
(final.charCodeAt(9) << 8) | | ||
final.charCodeAt(15), | ||
4 | ||
); | ||
epass += to64( | ||
(final.charCodeAt(4) << 16) | | ||
(final.charCodeAt(10) << 8) | | ||
final.charCodeAt(5), | ||
4 | ||
); | ||
epass += to64(final.charCodeAt(11), 2); | ||
return epass; | ||
return epass; | ||
} | ||
@@ -57,58 +85,67 @@ | ||
module.exports = (password, salt) => { | ||
let magic = ''; | ||
if (salt && salt.split('$')[1] === '1') { | ||
magic = '$1$'; | ||
} else { | ||
magic = '$apr1$'; | ||
} | ||
let magic = ""; | ||
if (salt && salt.split("$")[1] === "1") { | ||
magic = "$1$"; | ||
} else { | ||
magic = "$apr1$"; | ||
} | ||
salt = getSalt(salt); | ||
salt = getSalt(salt); | ||
let ctx = password + magic + salt; | ||
let final = crypto.createHash('md5').update(password + salt + password, 'ascii').digest('binary'); | ||
let ctx = password + magic + salt; | ||
let final = crypto | ||
.createHash("md5") | ||
.update(password + salt + password, "ascii") | ||
.digest("binary"); | ||
for (let pl = password.length; pl > 0; pl -= 16) { | ||
ctx += final.substr(0, (pl > 16) ? 16 : pl); | ||
} | ||
for (let pl = password.length; pl > 0; pl -= 16) { | ||
ctx += final.substr(0, pl > 16 ? 16 : pl); | ||
} | ||
for (let i = password.length; i; i >>= 1) { | ||
if (i % 2) { | ||
ctx += String.fromCharCode(0); | ||
} else { | ||
ctx += password.charAt(0); | ||
} | ||
for (let i = password.length; i; i >>= 1) { | ||
if (i % 2) { | ||
ctx += String.fromCharCode(0); | ||
} else { | ||
ctx += password.charAt(0); | ||
} | ||
} | ||
final = crypto.createHash('md5').update(ctx, 'ascii').digest('binary'); | ||
final = crypto | ||
.createHash("md5") | ||
.update(ctx, "ascii") | ||
.digest("binary"); | ||
// 1000 loop. | ||
for (let i = 0; i < 1000; ++i) { | ||
// Weird stuff. | ||
let ctxl = ''; | ||
// 1000 loop. | ||
for (let i = 0; i < 1000; ++i) { | ||
// Weird stuff. | ||
let ctxl = ""; | ||
if (i % 2) { | ||
ctxl += password; | ||
} else { | ||
ctxl += final.substr(0, 16); | ||
} | ||
if (i % 2) { | ||
ctxl += password; | ||
} else { | ||
ctxl += final.substr(0, 16); | ||
} | ||
if (i % 3) { | ||
ctxl += salt; | ||
} | ||
if (i % 3) { | ||
ctxl += salt; | ||
} | ||
if (i % 7) { | ||
ctxl += password; | ||
} | ||
if (i % 7) { | ||
ctxl += password; | ||
} | ||
if (i % 2) { | ||
ctxl += final.substr(0, 16); | ||
} else { | ||
ctxl += password; | ||
} | ||
// Final assignment after each loop. | ||
final = crypto.createHash('md5').update(ctxl, 'ascii').digest('binary'); | ||
if (i % 2) { | ||
ctxl += final.substr(0, 16); | ||
} else { | ||
ctxl += password; | ||
} | ||
return magic + salt + '$' + getPassword(final); | ||
// Final assignment after each loop. | ||
final = crypto | ||
.createHash("md5") | ||
.update(ctxl, "ascii") | ||
.digest("binary"); | ||
} | ||
return magic + salt + "$" + getPassword(final); | ||
}; |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
124
6152
7
43