On 01/09/2014 11:47 AM, Doug Poulin wrote:
A user found this strange problem. When their password ends in a single
digit, you can use any number instead of that one and still get the same
encrypted result. Also, if you add an extra digit onto the end, you get a
similar result. Below is a sample:
Sample test program:
#!/usr/bin/perl
use strict;
use warnings;

my ($passwd, $crypt, $salt, $tcrypt);
my (@saltar, $cnt, $rnd);

print "Enter your password to encrypt: ";
$passwd = <STDIN>;
chomp($passwd);    # strip only the trailing newline

# Build a random two-character salt for the traditional DES crypt().
my @set = ('a'..'z', 'A'..'Z', 0..9);
for ($cnt = 0; $cnt < 2; $cnt++) {
    $rnd = int(rand(62));
    $saltar[$cnt] = $set[$rnd];
}
$salt = $saltar[0] . $saltar[1];

$crypt = crypt($passwd, $salt);
print "Encrypted string using $salt is $crypt\n";

print "Enter in a test password: ";
$passwd = <STDIN>;
chomp($passwd);

# Reuse the salt stored in the first two characters of the hash.
$salt = substr($crypt, 0, 2);
$tcrypt = crypt($passwd, $salt);
print "Result of test encrypt: $tcrypt\n";
Sample output 1:
Enter your password to encrypt: aabbccddee
Encrypted string using j1 is j1E.Uer2plwdM
Enter in a test password: aabbccddee1
Result of test encrypt: j1E.Uer2plwdM
Enter your password to encrypt: aabbccdde1
Encrypted string using 2z is 2zL6VvHA/mBl.
Enter in a test password: aabbccdde2
Result of test encrypt: 2zL6VvHA/mBl.
In the crypt documentation on php.net, it says:
"The standard DES-based crypt() returns the salt as the first two
characters of the output. It also only uses the first eight characters
of str, so longer strings that start with the same eight characters will
generate the same result (when the same salt is used)."
--
-- Steve
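
An added example (not part of the original thread), in Perl like the test program above: it probes whether crypt() with a given salt format ignores password characters past the eighth, comparing a two-character DES salt with a `$6$` SHA-512 salt. The helper name and salt values are constructed for illustration, and `$6$` support is an assumption about the platform's crypt(3) (glibc provides it).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): report whether crypt() with the
# given salt ignores password characters beyond the eighth.
# Returns 1 (truncates), 0 (uses the whole password), or undef (unsupported).
sub truncates_at_eight {
    my ($salt) = @_;
    my $base = 'aabbccdd';                 # exactly eight characters
    my @hashes = map { crypt($base . $_, $salt) } ('ee1', 'zz9');

    for my $h (@hashes) {
        # Unsupported formats yield undef or a failure token such as "*0".
        return if !defined $h || $h =~ /^\*/ || length($h) < 13;
        # The result must echo the requested salt; otherwise the platform
        # fell back to a different scheme than the one being probed.
        return if index($h, $salt) != 0;
    }
    return $hashes[0] eq $hashes[1] ? 1 : 0;
}

# Constructed sample salts: traditional DES and SHA-512 crypt.
my @schemes = (
    [ 'DES',     'j1' ],
    [ 'SHA-512', '$6$constructedsalt$' ],
);

for my $scheme (@schemes) {
    my ($label, $salt) = @$scheme;
    my $r = truncates_at_eight($salt);
    my $verdict = !defined $r ? 'not supported by this crypt(3)'
                : $r          ? 'TRUNCATES: characters after the eighth are ignored'
                :               'uses the whole password';
    printf "%-8s %s\n", $label, $verdict;
}
```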