>> if (!strncmp(plaintext, ciphertext), ciphertext), 13) {
>
>Could you fix those lines? I'm a bit confused. :) Do you mean
>
> if (!strncmp(plaintext, ciphertext, 13)) {

It's part and parcel of a typo; apologies, I am suffering the after
effects of having bought my first home, unpacked myself, and am
completely pooped.

Attached is the correction I sent to the first person who pointed it out.

- alec

------------------------------------------------------------------

To: Nate Lawson <nateat_private>
Subject: Re: Digital Unix 4 protected password database.
Date: Tue, 16 Mar 1999 12:20:59 +0000
From: Alec Muffett <alecm@wmp-home>

>> if (!strcmp(plaintext, ciphertext), ciphertext)) {
>
>I'm not sure I understand your code example. Did you mean to say
>crypt(plaintext, salt) somewhere in there?

Oops - typo: Should read:

    if (!strcmp(crypt(plaintext, ciphertext), ciphertext)) {

It is an old programmer mantra; since the salt is stored as the first
two (or, generalised for new crypt() replacements, the first "N")
characters of the ciphertext, then the ciphertext string *itself* can
be passed in as the salt string, and the algorithm expected to extract
what it needs.

The joy of this mantra is that it is portable to newer crypt
replacements which have ciphertexts that look *something* like this in
the password file:

    root:$x$saltstring$resultingciphertexthash:0:0:Root User:/sbin/sh:

...where the "$" characters are used to delimit the arbitrary field
lengths that are used, and the "x" is an integer or string mapping to an
algorithm (MD5, SHA-1, some local variant) which the crypt() front-end
can switch on, so you can have several different algorithms running in
the same password file.

If the first char of the pw_passwd field is *not* "$" then the crypt()
frontend assumes that it is dealing with a traditional crypt()
algorithm.

Neat, huh?

This should also illustrate how my poke-hack worked, if you think about it.

- alec

ps: you think I should post this to BUGTRAQ as a wider explanation?

--
alec muffett, sun professional services, alec.muffett @ uk.sun.com
anything of importance in your life happened about 10 years ago - atx
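
The mantra and the "$x$salt$hash" front-end described in the message above, as an added example that is not part of the original post and is not code from any crypt(3) implementation. The function names, the scheme identifiers "md5" and "sha1", the sample records and the digests behind them are assumptions made for illustration and do not interoperate with real crypt() output.

```python
import hashlib
import hmac

# Assumed scheme table for this example only. The identifiers and digests are
# stand-ins, NOT the real algorithms of any crypt(3) implementation.
SCHEMES = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def toy_crypt(plaintext, setting):
    """Front-end. `setting` is a bare salt spec or a whole stored ciphertext."""
    if not setting.startswith("$"):
        # Traditional form: the salt is the first two characters.
        if len(setting) < 2:
            raise ValueError("salt too short")
        salt = setting[:2]
        body = hashlib.sha256((salt + plaintext).encode()).hexdigest()[:11]
        return salt + body  # 13 characters, shaped like a classic entry
    parts = setting.split("$")  # "$x$salt$hash" -> ["", "x", "salt", "hash"]
    if len(parts) < 3 or parts[1] not in SCHEMES or not parts[2]:
        raise ValueError("unknown or malformed scheme")
    scheme, salt = parts[1], parts[2]  # any trailing hash field is ignored
    digest = SCHEMES[scheme]((salt + plaintext).encode()).hexdigest()
    return "${}${}${}".format(scheme, salt, digest)


def check_password(plaintext, stored):
    """The mantra: crypt(plaintext, ciphertext) compared with ciphertext."""
    try:
        candidate = toy_crypt(plaintext, stored)
    except ValueError:
        return False  # "*", empty and unknown-scheme fields never match
    # Constant-time comparison instead of strcmp().
    return hmac.compare_digest(candidate.encode(), stored.encode())


def check_passwd_line(line, plaintext):
    """Verify against the second colon-separated field of a passwd record."""
    fields = line.split(":")
    return len(fields) > 1 and check_password(plaintext, fields[1])


if __name__ == "__main__":
    # Constructed records: one per scheme, plus a locked account.
    for name, setting in (("root", "$sha1$saltstring"), ("user1", "ab"), ("user2", "$md5$Qx9")):
        line = "{}:{}:0:0::/:".format(name, toy_crypt("s3cret", setting))
        print(line, check_passwd_line(line, "s3cret"), check_passwd_line(line, "wrong"))
    print(check_passwd_line("locked:*:1:1::/:", "s3cret"))
```

Passing the stored field back in as the setting reproduces it exactly for the right password, whichever scheme wrote it, so one comparison serves a password file that mixes formats.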
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:39:11 PDT