On 09/01/14 17:47, Doug Poulin wrote:
A user found this strange problem. When their password ends in a single digit, you can use any number instead of that one and still get the same encrypted result. Also if you add an extra digit onto the end you get a similar result Below is a sample: Sample test program: #!/usr/bin/perl my($passwd,$crypt,$salt,$tcrypt); my(@saltar,$cnt,$rnd); print "Enter your password to encrypt: "; $passwd = (<STDIN>); chop($passwd); @set = (a..z,A..Z,0..9); for ($cnt=0; $cnt<2; $cnt++) { $rnd = int(rand(62)); $saltar[$cnt]=$set[$rnd]; } $salt = $saltar[0] . $saltar[1]; $crypt = crypt($passwd,$salt); print "Encrypted string using $salt is $crypt\n"; print "Enter in a test password: "; $passwd = (<STDIN>); chop $passwd; $salt = substr($crypt,0,2); $tcrypt = crypt($passwd,$salt); print "Result of test encrypt: $tcrypt\n"; Sample output 1: Enter your password to encrypt: aabbccddee Encrypted string using j1 is j1E.Uer2plwdM Enter in a test password: aabbccddee1 Result of test encrypt: j1E.Uer2plwdM Enter your password to encrypt: aabbccdde1 Encrypted string using 2z is 2zL6VvHA/mBl. Enter in a test password: aabbccdde2 Result of test encrypt: 2zL6VvHA/mBl.
Perhaps if you used "chomp" instead of "chop", you'd get the results you were expecting?
Paul. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux