[nSLUG] Crypt in Perl

D G Teed donald.teed at gmail.com
Wed Jan 7 21:32:38 AST 2009


On Wed, Jan 7, 2009 at 1:55 PM, D G Teed <donald.teed at gmail.com> wrote:

> I found a solution, based on what I saw here:
>
>
> http://www.unix.com/unix-dummies-questions-answers/15303-shadow-file-encryption-method.html
>
> Someone in that post tried a one char seed with a bit
> of C code using crypt.h, and always got a "." as the second char
> in the crypt output.  So I tested with a salt of "X." -
> the output is the same as salt of "X" except
> the second char is always "." in the output.
>
> I just need to edit all of the flat files to change the second char
> to "." and it will match.
>
> Weird but better than getting all users to reset their passwords.
>
> --Donald


In case this isn't clear, this is what I found...

On FreeBSD 4.11:

> perl -e 'print crypt("cow","X.") . "\n";'
X.I4zfZAWwgt6
> perl -e 'print crypt("cow","X") . "\n";'
XXI4zfZAWwgt6

On Linux:

$ perl -e 'print crypt("cow","X.") . "\n";'
X.I4zfZAWwgt6

Using that similarity, I change the web app's salt to add a "."
after the single salt char, and run sed on the files containing
encrypted passwords to have them all start with "X." where
they were before starting with XX.

One might expect XX would work, based on how salts are
supposed to appear, but this isnt the way it worked out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20090107/5ab79956/attachment.html>


More information about the nSLUG mailing list