On 09/01/14 17:47, Doug Poulin wrote:
A user found this strange problem. When their password ends in a single
digit, you can use any number instead of that one and still get the same
encrypted result. Also if you add an extra digit onto the end you get a
similar result Below is a sample:
Sample test program:
#!/usr/bin/perl
my($passwd,$crypt,$salt,$tcrypt);
my(@saltar,$cnt,$rnd);
print "Enter your password to encrypt: ";
$passwd = (<STDIN>);
chop($passwd);
@set = (a..z,A..Z,0..9);
for ($cnt=0; $cnt<2; $cnt++) {
$rnd = int(rand(62));
$saltar[$cnt]=$set[$rnd];
}
$salt = $saltar[0] . $saltar[1];
$crypt = crypt($passwd,$salt);
print "Encrypted string using $salt is $crypt\n";
print "Enter in a test password: ";
$passwd = (<STDIN>);
chop $passwd;
$salt = substr($crypt,0,2);
$tcrypt = crypt($passwd,$salt);
print "Result of test encrypt: $tcrypt\n";
Sample output 1:
Enter your password to encrypt: aabbccddee
Encrypted string using j1 is j1E.Uer2plwdM
Enter in a test password: aabbccddee1
Result of test encrypt: j1E.Uer2plwdM
Enter your password to encrypt: aabbccdde1
Encrypted string using 2z is 2zL6VvHA/mBl.
Enter in a test password: aabbccdde2
Result of test encrypt: 2zL6VvHA/mBl.
Perhaps if you used "chomp" instead of "chop", you'd get the results you
were expecting?
Paul.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
