[nSLUG] Crypt in Perl

D G Teed donald.teed at gmail.com
Wed Jan 7 13:19:15 AST 2009


On Wed, Jan 7, 2009 at 11:58 AM, D G Teed <donald.teed at gmail.com> wrote:

> I have an unmaintained open source web app which used crypt
> calls to test for passwords stored in flat files.  I copied it
> from a FreeBSD system with Perl 5.5.3 to a Redhat
> box with 5.8.8 and it can't validate the passwords.
>
> Does anyone happen to know there were changes
> to crypt in this time or it's workings has
> dependence on something?
>
> --Donald
>
>
Here is a test which perplexes me:

old FreeBSD:
$ perl -e 'print crypt("cow","xy") . "\n";'
xytJwuhSBf7w.

modern Linux:
$ perl -e 'print crypt("cow","xy") . "\n";'
xytJwuhSBf7w.

This matches.

But with a salt of a single letter, say "X", things are different:

old FreeBSD:
$ perl -e 'print crypt("cow","X") . "\n";'
XXI4zfZAWwgt6

modern Linux:
$ perl -e 'print crypt("cow","X") . "\n";'
XX6CWUsAaU4R.

Our legacy web app has a single letter for the salt, so this is
why the problem is happening.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20090107/f618ff92/attachment.html>


More information about the nSLUG mailing list