[ postfixadmin-Bugs-2814820 ] crypt() is not used according to specs
From: SourceForge.net <no...@so...> - 2009-06-30 20:18:47
Bugs item #2814820, was opened at 2009-06-30 22:18
Message generated for change (Tracker Item Submitted) made by nls
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2814820&group_id=191583

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: Core
Group: v 2.3
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: nls (nls)
Assigned to: Nobody/Anonymous (nobody)
Summary: crypt() is not used according to specs

Initial Comment:
In functions.inc.php, pacrypt() uses the PHP crypt() function the wrong way when processing MD5 hashes. For the salt, all 12 characters of the input password hash salt must be used, including the magic sequence and the closing dollar sign, for example: "$1$abcdefgh$". Otherwise the crypt() function generates the shorter DES password hashes and password comparison always fails.

This problem became apparent to me when I was trying to migrate a user db for postfixadmin, where user password hashes are stored as DES for some users, and as MD5 for others. pacrypt() would be able to handle both, but currently it doesn't because of the aforementioned mistake.

Simply using

    $salt = "\$1\$${split_salt[2]}\$";

solves the problem.
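
The behaviour described in the report, as an added example that is not part of the original message and is not PostfixAdmin's own code: it shows crypt() falling back to DES when the "$1$...$" framing is left off the salt, and a verifier that rebuilds the salt per scheme so mixed DES and MD5 hashes both compare correctly. The function names and sample password are assumptions made for illustration.

```php
<?php
// Added example; salt_from_stored_hash() and verify_password() are
// hypothetical names, not functions from PostfixAdmin.

// Rebuild the salt argument crypt() needs from a stored hash.
function salt_from_stored_hash(string $stored): string
{
    if (strncmp($stored, '$1$', 3) === 0) {
        // MD5-crypt: the salt must keep the "$1$" magic and closing "$".
        $parts = explode('$', $stored);   // ['', '1', salt, digest]
        return '$1$' . ($parts[2] ?? '') . '$';
    }
    // Traditional DES crypt: the salt is the first two characters.
    return substr($stored, 0, 2);
}

// Check a password against a stored DES or MD5 crypt hash.
function verify_password(string $password, string $stored): bool
{
    $computed = crypt($password, salt_from_stored_hash($stored));
    // Constant-time comparison of the full hash strings.
    return hash_equals($stored, $computed);
}

// Constructed sample data standing in for a migrated user table.
$password = 'correct horse';
$md5Hash  = crypt($password, '$1$abcdefgh$');  // MD5-crypt hash
$desHash  = crypt($password, 'ab');            // DES crypt hash

// The failure mode from the report: the bare salt without "$1$...$".
// crypt() treats it as a DES salt, so the result can never equal $md5Hash.
$bareSalt = crypt($password, 'abcdefgh');

printf("MD5 hash:        %s (%d chars)\n", $md5Hash, strlen($md5Hash));
printf("bare-salt hash:  %s (%d chars)\n", $bareSalt, strlen($bareSalt));
printf("bare salt matches stored MD5 hash: %s\n",
    var_export(hash_equals($md5Hash, $bareSalt), true));

// With the salt rebuilt per scheme, both stored formats verify.
printf("verify against MD5 hash: %s\n",
    var_export(verify_password($password, $md5Hash), true));
printf("verify against DES hash: %s\n",
    var_export(verify_password($password, $desHash), true));
printf("wrong password rejected: %s\n",
    var_export(!verify_password('wrong', $md5Hash), true));
```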