upassword: changer le générateur aléatoire

This commit is contained in:
Jephté Clain 2021-11-02 11:12:19 +04:00
parent a85cdf6ddc
commit 8a682edade
1 changed files with 61 additions and 84 deletions

145
upassword
View File

@ -19,7 +19,6 @@ import java.security.SecureRandom;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Random; import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import javax.crypto.Cipher; import javax.crypto.Cipher;
@ -139,7 +138,6 @@ public class upassword {
} }
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
public static class Base64 { public static class Base64 {
public final static int NO_OPTIONS = 0; public final static int NO_OPTIONS = 0;
@ -968,7 +966,6 @@ public class upassword {
} }
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
public static class DES { public static class DES {
private int[] encryptKeys = new int[32]; private int[] encryptKeys = new int[32];
@ -1873,7 +1870,6 @@ public class upassword {
} }
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
public static class MD4 extends MessageDigest implements Cloneable { public static class MD4 extends MessageDigest implements Cloneable {
private static final int BLOCK_LENGTH = 64; private static final int BLOCK_LENGTH = 64;
@ -2030,7 +2026,6 @@ public class upassword {
} }
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
public static class jcrypt { public static class jcrypt {
private jcrypt() { private jcrypt() {
} }
@ -3660,7 +3655,6 @@ public class upassword {
} }
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
public static class Salt { public static class Salt {
public static final String getCryptSalt(String pw) { public static final String getCryptSalt(String pw) {
if (pw == null) return null; if (pw == null) return null;
@ -3758,7 +3752,6 @@ public class upassword {
} }
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
public static class Password { public static class Password {
public static final String CLEARTEXT = "", CRYPT = "CRYPT", MD5 = "MD5", SMD5 = "SMD5", public static final String CLEARTEXT = "", CRYPT = "CRYPT", MD5 = "MD5", SMD5 = "SMD5",
SHA = "SHA", XSHA = "XSHA", SSHA = "SSHA"; SHA = "SHA", XSHA = "XSHA", SSHA = "SSHA";
@ -4193,7 +4186,6 @@ public class upassword {
} }
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
public static class PasswordChecker { public static class PasswordChecker {
public PasswordChecker(int minLen, int minUpper, int minLower, int minAlpha, int minNumber, public PasswordChecker(int minLen, int minUpper, int minLower, int minAlpha, int minNumber,
int minSymbol, int minSpecial, boolean allowMultibytes) { int minSymbol, int minSpecial, boolean allowMultibytes) {
@ -4564,6 +4556,60 @@ public class upassword {
return generate(minLen, maxLen, sections, DEFAULT_RAND); return generate(minLen, maxLen, sections, DEFAULT_RAND);
} }
/**
* Génère une chaine de caractère aléatoire d'une taille définie adapté aux mot de passe
*
* @param size Nombre de bloque de 4 caractères à générer
* @param punctuationsNumber Nombre de ponctuations à insérer
* @return Chaine de caractères aléatoires générée
*/
public static String generateJk(int size, int punctuationsNumber, Random rand) {
final String CONSONANTS = "bcdfghjklmnpqrstvwxz";
final String VOWELS = "aeiuoy";
final String PUNCTUATIONS = "!:;,?.";
String seed;
// taille minimale de la chaine
if (size < 1) {
size = 3;
}
// S'il y a trop de ponctuations à placer
if (punctuationsNumber > size) {
punctuationsNumber = size;
}
// préparation d'un constructeur de chaîne
StringBuilder builder = new StringBuilder(size);
String punctuationsUsed = "";
int rnd;
// calcule aléatoirement le caractère à sélectionner
for (int index = 0; index < size * 4; index++) {
// espace
if (index != 0 && index % 4 == 0) {
builder.append(" ");
}
// lettre
seed = index % 2 == 0 ? CONSONANTS : VOWELS;
builder.append(
seed.charAt(
rand.nextInt(seed.length())
)
);
// ponctuation
if (punctuationsNumber > 0 && (index + 1) % 4 == 0) {
rnd = rand.nextInt(size);
if (punctuationsUsed.length() < punctuationsNumber && rnd <= punctuationsNumber) {
punctuationsUsed += PUNCTUATIONS.charAt(
rand.nextInt(PUNCTUATIONS.length())
);
builder.append(punctuationsUsed.charAt(punctuationsUsed.length() - 1));
}
}
}
return builder.toString();
}
public static String generateJk(int size, int punctuationsNumber) {
return generateJk(size, punctuationsNumber, DEFAULT_RAND);
}
public PasswordGenerator(int minLen, String[] sections, int[] minCounts, Random rand) { public PasswordGenerator(int minLen, String[] sections, int[] minCounts, Random rand) {
setMinLen(minLen); setMinLen(minLen);
setSections(sections); setSections(sections);
@ -4626,10 +4672,12 @@ public class upassword {
public String generate(int maxLen) { public String generate(int maxLen) {
return generate(minLen, maxLen, sections, minCounts, rand); return generate(minLen, maxLen, sections, minCounts, rand);
} }
public String generateJk() {
return generateJk(3, 1, rand);
}
} }
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
public static class AESEnc { public static class AESEnc {
private static final String AES = "AES"; private static final String AES = "AES";
@ -4721,76 +4769,6 @@ public class upassword {
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
public static class WOJavaMonitorPassword {
public static long myrand() {
long nextLong = ThreadLocalRandom.current().nextLong();
while (nextLong == Long.MIN_VALUE) {
nextLong = ThreadLocalRandom.current().nextLong();
}
return Math.abs(nextLong);
}
public static String encryptStringWithKey(String to_be_encrypted, String aKey) {
String encrypted_value = "";
char xdigit[] = { '0' , '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
MessageDigest messageDigest;
try {
messageDigest = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException exc) {
throw new AssertionError("MD5 n'est pas disponible: " + getSummary(exc));
}
if (to_be_encrypted != null) {
byte digest[];
byte fudge_constant[];
try {
fudge_constant = ("X#@!").getBytes("UTF8");
} catch (UnsupportedEncodingException uee) {
fudge_constant = ("X#@!").getBytes();
}
byte fudgetoo_part[] = {
(byte)xdigit[(int)(myrand() % 16)] ,
(byte)xdigit[(int)(myrand() % 16)] ,
(byte)xdigit[(int)(myrand() % 16)] ,
(byte)xdigit[(int)(myrand() % 16)]
};
int i = 0;
if (aKey != null) {
try {
fudgetoo_part = aKey.getBytes("UTF8");
} catch (UnsupportedEncodingException uee) {
fudgetoo_part = aKey.getBytes();
}
}
messageDigest.update(fudge_constant);
try {
messageDigest.update(to_be_encrypted.getBytes("UTF8"));
} catch (UnsupportedEncodingException uee) {
messageDigest.update(to_be_encrypted.getBytes());
}
messageDigest.update(fudgetoo_part);
digest = messageDigest.digest();
encrypted_value = new String(fudgetoo_part);
for (i = 0; i < digest.length; i++) {
int mashed;
char temp[] = new char[2];
if (digest[i] < 0) {
mashed = 127 + ( -1 * digest[i]);
} else {
mashed = digest[i];
}
temp[0] = xdigit[mashed / 16];
temp[1] = xdigit[mashed % 16];
encrypted_value = encrypted_value + (new String(temp));
}
}
return encrypted_value;
}
}
// ------------------------------------------------------------------------
private Password getPasswordAnySalt(String clear, String scheme, final String anySalt) { private Password getPasswordAnySalt(String clear, String scheme, final String anySalt) {
return new Password(clear, scheme) { return new Password(clear, scheme) {
@Override @Override
@ -5111,7 +5089,7 @@ public class upassword {
if (clear == null) { if (clear == null) {
PasswordGenerator pg = new PasswordGenerator(); PasswordGenerator pg = new PasswordGenerator();
clear = pg.generate(); clear = pg.generateJk();
} }
String newCryptSalt = null; String newCryptSalt = null;
@ -5186,7 +5164,6 @@ public class upassword {
String md5 = getPasswordAnySalt(clear, Password.MD5, null).getNormalized(); String md5 = getPasswordAnySalt(clear, Password.MD5, null).getNormalized();
String smd5 = getPasswordBinarySalt(clear, Password.SMD5, newBinarySalt) String smd5 = getPasswordBinarySalt(clear, Password.SMD5, newBinarySalt)
.getNormalized(); .getNormalized();
String wojmp = WOJavaMonitorPassword.encryptStringWithKey(clear, null);
String aes = null; String aes = null;
if (aeskey != null) { if (aeskey != null) {
try { try {
@ -5205,7 +5182,6 @@ public class upassword {
printvar("ssha", ssha, shell); printvar("ssha", ssha, shell);
printvar("md5", md5, shell); printvar("md5", md5, shell);
printvar("smd5", smd5, shell); printvar("smd5", smd5, shell);
printvar("wojmp", wojmp, shell);
if (aes != null) printvar("aes", aes, shell); if (aes != null) printvar("aes", aes, shell);
} else if (hashAction == EHashAction.CHECK_MATCH) { } else if (hashAction == EHashAction.CHECK_MATCH) {
// Afficher uniquement les versions cryptées des mots de passe avec // Afficher uniquement les versions cryptées des mots de passe avec
@ -5276,8 +5252,9 @@ public class upassword {
} }
case GEN_AESKEY: { case GEN_AESKEY: {
if (aeskeyfile == null) die("Vous devez spécifier l'option -f", null); if (aeskeyfile == null) {
if (new File(aeskeyfile).exists()) { die("Vous devez spécifier l'option -f", null);
} else if (new File(aeskeyfile).exists()) {
die(aeskeyfile + ": Refus d'écraser un fichier existant", null); die(aeskeyfile + ": Refus d'écraser un fichier existant", null);
} }