Re: Circle & SQL??

From: John Evans (evansj@HI-LINE.NET)
Date: 05/10/98

On Sun, 10 May 1998, Daniel Koepke wrote:

> As for it being 10: well, in stock Circle, it shouldn't be 10 (but it
> is).  It should be 13.  According to the crypt man pages, crypt()
> returns a series of 13 printable ASCII characters.  By making it 10,
> you're cutting off the last three of those characters.  Even though
> the password stuff will still work because you're using strn_cmp() for
> comparing only the first 10 characters of the string, I would still
> regard it as a bug.  Hmm, it's probably one of those things in bpl13,
> though.

I did some testing, and the 10 length seems to be the pre-encrypted
length, not what is saved in the datafiles.

If you type in 'superkalafrajalisticexpealadocious' as your PW, it'll
chopped to the first ten characters, which is only 'superkalaf'. This
means that you can type in 'superkalafXXXXX' and the password
verification will still work.

Why 10? Who knows? The technical reason was explained quite well by
Daniel. Perhaps 10 was just a carry-over from DIKU.

John Evans <>  --

Any sufficiently advanced technology is indistinguishable from magic.
  -- Arthur C. Clarke

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | |

This archive was generated by hypermail 2b30 : 12/15/00 PST