problem with crypt function
Steven Stern
subscribed-lists at sterndata.com
Thu Jan 9 18:19:48 UTC 2014
On 01/09/2014 11:47 AM, Doug Poulin wrote:
> A user found this strange problem. When their password ends in a single
> digit, you can use any number instead of that one and still get the same
> encrypted result. Also if you add an extra digit onto the end you get a
> similar result. Below is a sample:
>
> Sample test program:
>
> #!/usr/bin/perl
> my($passwd,$crypt,$salt,$tcrypt);
> my(@saltar,$cnt,$rnd);
>
> print "Enter your password to encrypt: ";
> $passwd = (<STDIN>);
> chop($passwd);
>
> @set = (a..z,A..Z,0..9);
> for ($cnt=0; $cnt<2; $cnt++) {
>     $rnd = int(rand(62));
>     $saltar[$cnt]=$set[$rnd];
> }
> $salt = $saltar[0] . $saltar[1];
>
> $crypt = crypt($passwd,$salt);
>
> print "Encrypted string using $salt is $crypt\n";
>
> print "Enter in a test password: ";
> $passwd = (<STDIN>);
> chop $passwd;
>
> $salt = substr($crypt,0,2);
> $tcrypt = crypt($passwd,$salt);
>
> print "Result of test encrypt: $tcrypt\n";
>
> Sample output 1:
>
> Enter your password to encrypt: aabbccddee
> Encrypted string using j1 is j1E.Uer2plwdM
> Enter in a test password: aabbccddee1
> Result of test encrypt: j1E.Uer2plwdM
>
> Enter your password to encrypt: aabbccdde1
> Encrypted string using 2z is 2zL6VvHA/mBl.
> Enter in a test password: aabbccdde2
> Result of test encrypt: 2zL6VvHA/mBl.
>
In the crypt documentation on php.net, it says
"The standard DES-based crypt() returns the salt as the first two
characters of the output. It also only uses the first eight characters
of str, so longer strings that start with the same eight characters will
generate the same result (when the same salt is used)."
--
-- Steve
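
The 8-character limit quoted above can be checked directly, and stored hashes still in that format can be flagged. The following is an added example, not code from either poster: it compares the thread's password pairs under their two-character DES salts and under a `$6$` (SHA-512) setting, then classifies passwd-style entries by hash format. The `$6$` support (as in glibc), the salt string and the sample entries are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars, no '$' prefix.
sub scheme_of {
    my ($hash) = @_;
    return 'des'    if $hash =~ m{^[./0-9A-Za-z]{13}$};
    return 'md5'    if $hash =~ /^\$1\$/;
    return 'sha256' if $hash =~ /^\$5\$/;
    return 'sha512' if $hash =~ /^\$6\$/;
    return 'other';
}

# 1 if both passwords give the same hash under $setting, 0 if not,
# undef if the local crypt(3) does not support (or has disabled) the scheme.
sub collide {
    my ($pw1, $pw2, $setting) = @_;
    my $h1 = crypt($pw1, $setting);
    my $h2 = crypt($pw2, $setting);
    return undef if !defined $h1 || !defined $h2 || $h1 =~ /^\*/;
    return $h1 eq $h2 ? 1 : 0;
}

# Password pairs and salts taken from the sample output in the thread.
my @pairs = (
    [ 'aabbccddee', 'aabbccddee1', 'j1' ],
    [ 'aabbccdde1', 'aabbccdde2',  '2z' ],
);
# Assumption: crypt(3) here understands '$6$' (SHA-512); the salt is constructed.
my $sha512 = '$6$ExampleSaltOnly1$';

for my $p (@pairs) {
    my ($pw1, $pw2, $salt) = @$p;
    for my $setting ($salt, $sha512) {
        my $r = collide($pw1, $pw2, $setting);
        printf "%-12s vs %-12s setting=%-22s %s\n", $pw1, $pw2, $setting,
            !defined $r ? 'scheme unavailable' : $r ? 'SAME hash' : 'different hashes';
    }
}

# Constructed passwd-style entries: flag hashes still in the 8-character DES format.
my @entries = ( 'alice:j1E.Uer2plwdM', 'bob:' . $sha512 . ('x' x 86) );
for my $e (@entries) {
    my ($user, $hash) = split /:/, $e, 2;
    my $s = scheme_of($hash);
    print "$user: $s", ($s eq 'des' ? ' (only first 8 characters are checked)' : ''), "\n";
}
```

Perl's `crypt` passes the salt straight to the system's crypt(3), so which settings are accepted depends on the platform's C library.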
More information about the selinux mailing list