[nSLUG] Crypt in Perl

George N. White III gnwiii at gmail.com
Wed Jan 7 13:54:16 AST 2009


On Wed, Jan 7, 2009 at 1:19 PM, D G Teed <donald.teed at gmail.com> wrote:

> On Wed, Jan 7, 2009 at 11:58 AM, D G Teed <donald.teed at gmail.com> wrote:
>>
>> I have an unmaintained open source web app which used crypt
>> calls to test for passwords stored in flat files.  I copied it
>> from a FreeBSD system with Perl 5.5.3 to a Redhat
>> box with 5.8.8 and it can't validate the passwords.
>>
>> Does anyone happen to know there were changes
>> to crypt in this time or it's workings has
>> dependence on something?
>>
>> --Donald
>>
>
> Here is a test which perplexes me:
>
> old FreeBSD:
> $ perl -e 'print crypt("cow","xy") . "\n";'
> xytJwuhSBf7w.
>
> modern Linux:
> $ perl -e 'print crypt("cow","xy") . "\n";'
> xytJwuhSBf7w.
>
> This matches.
>
> But with a salt of a single letter, say "X", things are different:
>
> old FreeBSD:
> $ perl -e 'print crypt("cow","X") . "\n";'
> XXI4zfZAWwgt6
>
> modern Linux:
> $ perl -e 'print crypt("cow","X") . "\n";'
> XX6CWUsAaU4R.
>
> Our legacy web app has a single letter for the salt, so this is
> why the problem is happening.

MacOSX:

$ perl -e 'print crypt("cow","X") . "\n";'
X.I4zfZAWwgt6
$ perl -e 'print crypt("cow","X.I4zfZAWwgt6") . "\n";'
X.I4zfZAWwgt6

Solaris 10:

$ perl -e 'print crypt("cow","X") . "\n";'
XX6CWUsAaU4R.

but:
$ perl -e 'print crypt("cow","X.I4zfZAWwgt6") . "\n";'
X.I4zfZAWwgt6

-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia



More information about the nSLUG mailing list