Date: Fri, 22 Sep 1995 10:08:36 +0200 (MET DST) From: Luigi Rizzo <luigi@labinfo.iet.unipi.it> To: questions@freebsd.org Cc: ports@freebsd.org Subject: A crypt problem Message-ID: <199509220808.KAA08220@labinfo.iet.unipi.it>
next in thread | raw e-mail | index | archive | help
[this has been crossposted to ports, because it is of some relevance there] I have a question on the use of MD5 crypt routines in cern_httpd. I suspect the problem also arises with other software packages which use crypt(). The cern package assumes the presence of DES crypt, and uses multiple invocation of the crypt routine to encode the password and then compare it with the correct one. The code is the following (in /usr/ports/net/cern_httpd/work/WWW/Daemon/Implementation/HTPasswd.c): while (len > 0) { char *tmp, salt[3], chunk[9]; CONST char *cur1 = password, *cur2 = encrypted; salt[0] = *cur2; salt[1] = *(cur2+1); salt[2] = (char)0; strncpy(chunk, cur1, 8); chunk[8] = (char)0; tmp = crypt((char*)password, salt); strcat(result, tmp); cur1 += 8; cur2 += 13; len -= 13; } /* while */ status = strncmp(result, encrypted, strlen(encrypted)); This does not work with MD5, so I had to replace it with the following simple sequence (MD5 can deal with strings longer than 8 chars): result=crypt(password, encrypted); status = strcmp(result, encrypted); My question is: would the above work with DES crypt ? I don't have DES installed, so I cannot try it. If the code works, then this is something that should be fixed on cern_httpd and possibly other ports which use crypt. Luigi ==================================================================== Luigi Rizzo Dip. di Ingegneria dell'Informazione email: luigi@iet.unipi.it Universita' di Pisa tel: +39-50-568533 via Diotisalvi 2, 56126 PISA (Italy) fax: +39-50-568522 http://www.iet.unipi.it/~luigi/ ====================================================================
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509220808.KAA08220>