[nSLUG] Crypt in Perl

Daniel Morrison draker at gmail.com
Wed Jan 7 13:24:49 AST 2009


2009/1/7 D G Teed <donald.teed at gmail.com>:

> But with a salt of a single letter, say "X", things are different:
>
> old FreeBSD:
> $ perl -e 'print crypt("cow","X") . "\n";'
> XXI4zfZAWwgt6
>
> modern Linux:
> $ perl -e 'print crypt("cow","X") . "\n";'
> XX6CWUsAaU4R.
>
> Our legacy web app has a single letter for the salt, so this is
> why the problem is happening.

Ouch!  That behaviour is probably 'undefined'.  I imagine one of them
is using a null, and the other a blank, or a newline.

Wait, the encrypted password shows that both substitute in a second 'X'.

And yet the actual encrypted password with a salt of 'XX' is
XXkTtHeIuQWzE, which doesn't match either of the two.

Yes, perplexing.  Must be undefinied.  Use two characters.  :)

-D.



More information about the nSLUG mailing list