sub mscash2 { # max username (salt) length is supposed to be 19 characters (in John) # max password length is 27 characters (in John) # the algorithm lowercases the salt my $user; my @iter = qw(1024 8192 10240 16384); if (defined $argsalt) { $user = $argsalt; } else { $user = randusername(5); # this one is slooow, we cant have 1320 salts! if ($user eq "Herman") { $user = "nineteen_characters"; # Try max length of salt } } my $iterations = $iter[rand(@iter)]; $salt = encode("UTF-16LE", lc($user)); my $pbkdf2 = Crypt::PBKDF2->new( hash_class => 'HMACSHA1', iterations => $iterations, output_len => 16, salt_len => length($salt), ); # Crypt::PBKDF2 hex output is buggy, we do it ourselves! print "$user:\$DCC2\$$iterations#$user#", unpack("H*", $pbkdf2->PBKDF2($salt,md4(md4(encode("UTF-16LE",$_[0])).$salt))), ":$u:0:$_[0]:mscash2 (user name required for salt in john's format):\n"; }