New Login: need crypt
Carl Ellison
cme at ellisun.sw.stratus.com
Thu Apr 4 07:36:02 AEST 1991
In article <bigpryct at dce.ie> em at dce.ie (Eamonn McManus) writes:
>There is an undocumented routine called bigcrypt() which is called in
>essentially the same way as crypt(). It produces the same result as
>crypt() for short passwords (<= 8 plaintext characters); for longer
>passwords it apparently crypts each block of eight characters separately
>and concatenates the results.
If I understand this correctly, bigcrypt() will let you know, through the
number of output blocks, truncate(password_length / 8).
Needless to say, that's a security flaw.
More information about the Comp.unix.sysv386
mailing list