passwd probs under FreeBSD

From: Jason Fischer (jasonf@COMPUMEDIA.COM)
Date: 08/26/97

Recently, I discovered that for almost all of our characters (any with a
name longer than 6 characters) that you could enter any password and the
game would let you in.  Now this confused the ever living hell out of me
for almost 2 days.  I debugged my way through db.c, comm.c, and
interpreter.c, but everthing seemed to be working as it should.

I finally wrote a program (further down) to test if it wasn't perhaps the
crypt function itself that was sporked.

gcc -lcrypt test.c under FreeBSD v.2.2.2 (I think, not my box)

#include <stdio.h>
#include <unistd.h>

#define CRYPT(a,b) ((char *) crypt((a),(b)))

main () {

const char *passwd, *salt;
char s[11];

passwd = "sekret";
salt = "Foobar";

strcpy(s, CRYPT(passwd, salt));

printf("%s\n", s);


This is the output I kept getting (same from withing gdb when examining

Foobar          $1$Foobar$ (the 11th byte being \0 I'm assuming)
Foo             $1$Foo$hfW (this one would NOT take any password)
Foobarbaz       $1$Foobarb (this one WOULD take any password)

It appears that the encrypted password tacks a $1$<salt>$ before the
actual encrypted part.

I guess my question is, has anyone else run across this?  If so, what did
you do to remidy it?

Jason Fischer            |  Any smoothly functioning technology is    |  indistinguishable from a rigged demo.
      "In the shadow of the light from a black sun" Type O-

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | |

This archive was generated by hypermail 2b30 : 12/08/00 PST