URL:
<http://savannah.gnu.org/bugs/?32875>
Summary: password login fail if the hashed password has more
than 1 . or /
Project: GNU Screen
Submitted by: sherif
Submitted on: Tue 22 Mar 2011 08:39:14 AM GMT
Category: None
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 4.0.3
Fixed Release: None
Planned Release: None
Work Required: None
_______________________________________________________
Details:
I used a simple python script to generate random salt for password encryption
using crypt python library, including password HASH in .screenrc sometime
works and some times don't, by observing the behaviour I find that if the hash
something like the follow:
$1$1F0JSWIG$8ehSYNV834hcaBM4KgJhG1 will not prompt for password
$1$YNMAB2D6$wYPhEaWGPM8zfi.HqySLL1 will give login failed
$1$H369GRQO$qKOS.WYJfmYza4qeHcIys/ will give login failed
$1$ISEZPQN4$6BpAWUkoTvBUH5FOmd8fr/ will work
NOTE: Password foobar
My guess is that the parsing for the password attribute uses delimiter "." or
"/" which in case 2 and 3 exits twice or once in the middle, so screen takes
half the hash "where the 1st delimiter found" and compare the input password,
in case 1 no delimiter found. Case 4 works perfectly
Thank You
Sherif
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?32875>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
