problem with crypt function
Paul Howarth
paul at city-fan.org
Fri Jan 10 10:00:39 UTC 2014
On 09/01/14 17:47, Doug Poulin wrote:
> A user found this strange problem. When their password ends in a single
> digit, you can use any number instead of that one and still get the same
> encrypted result. Also if you add an extra digit onto the end you get a
> similar result Below is a sample:
>
>
>
> Sample test program:
>
>
>
> #!/usr/bin/perl
>
> my($passwd,$crypt,$salt,$tcrypt);
>
> my(@saltar,$cnt,$rnd);
>
>
>
> print "Enter your password to encrypt: ";
>
> $passwd = (<STDIN>);
>
> chop($passwd);
>
>
>
> @set = (a..z,A..Z,0..9);
>
> for ($cnt=0; $cnt<2; $cnt++) {
>
> $rnd = int(rand(62));
>
> $saltar[$cnt]=$set[$rnd];
>
> }
>
> $salt = $saltar[0] . $saltar[1];
>
>
>
> $crypt = crypt($passwd,$salt);
>
>
>
> print "Encrypted string using $salt is $crypt\n";
>
>
>
> print "Enter in a test password: ";
>
> $passwd = (<STDIN>);
>
> chop $passwd;
>
>
>
> $salt = substr($crypt,0,2);
>
> $tcrypt = crypt($passwd,$salt);
>
>
>
> print "Result of test encrypt: $tcrypt\n";
>
>
>
>
>
> Sample output 1:
>
> Enter your password to encrypt: aabbccddee
>
> Encrypted string using j1 is j1E.Uer2plwdM
>
> Enter in a test password: aabbccddee1
>
> Result of test encrypt: j1E.Uer2plwdM
>
>
>
> Enter your password to encrypt: aabbccdde1
>
> Encrypted string using 2z is 2zL6VvHA/mBl.
>
> Enter in a test password: aabbccdde2
>
> Result of test encrypt: 2zL6VvHA/mBl.
Perhaps if you used "chomp" instead of "chop", you'd get the results you
were expecting?
Paul.
More information about the selinux
mailing list