Closed Bug 67662 Opened 24 years ago Closed 23 years ago

Passwords don't work on FreeBSD 4.1

Categories

(Bugzilla :: Bugzilla-General, defect)

Other
FreeBSD
defect
Not set
critical

VERIFIED DUPLICATE of bug 85472

People

(Reporter: nb+bz, Assigned: justdave)

Details

The passwords system assumes that the result of MySQL's encrypt(x) function contains the salt used for encryption as the first two characters, and so that if c = encrypt(p), encrypt(p,left(c,2)) == c.

This is not necessarily true under FreeBSD 4.1. MySQL's encrypt() function uses the operating system's crypt() function, and under FreeBSD 4.1 (without the unexportable DES encryption software), crypt() uses a modular encryption function, and stores the encryption algorithm and the salt in the result like this: "$<algorithm number>$<salt>$<ciphertext>", where <algorithm number> == 1 for MD5. For instance:

$ uname -sr
FreeBSD 4.1-RELEASE
$ mysql test
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 21 to server version: 3.22.32

Type 'help' for help.

mysql> select encrypt('foo');
+------------------------------+
| encrypt('foo')               |
+------------------------------+
| $1$sH$1hNbT97TWtLDu2bHGu1el0 |
+------------------------------+
1 row in set (0.00 sec)

mysql> select encrypt('foo','sH');
+------------------------------+
| encrypt('foo','sH')          |
+------------------------------+
| $1$sH$1hNbT97TWtLDu2bHGu1el0 |
+------------------------------+
1 row in set (0.01 sec)

Possible fixes include always specifying the salt when calling encrypt. For instance, one could use a hash of the user_id.

I am using the simplest workaround, which is to always use the salt '$1'. This is the first two characters of the result of encrypt(), so the assumptions in the code continue to work.
ok, so how about if it's "smart" and if the cryptpasswd starts with a $ it uses the text between the 2nd and 3rd $ as the salt, otherwise use the first two chars?
Target Milestone: --- → Bugzilla 2.16
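The salt selection proposed in the comment above, as an added example that is not part of the original thread and not Bugzilla's code. It re-implements the MD5-based crypt(3) scheme in Python so the check can be run against the hash quoted in the report; the function names are assumptions made for illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
STORED = "$1$sH$1hNbT97TWtLDu2bHGu1el0"  # encrypt('foo') result quoted in the report

def _to64(value, count):
    """crypt(3)-style base64: emit `count` chars, least significant 6 bits first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5_crypt(password, salt):
    """MD5-based crypt(3); `salt` may be a bare salt or a full "$1$salt$hash"."""
    pw = password.encode()
    if salt.startswith("$1$"):
        salt = salt[3:]
    salt = salt.split("$", 1)[0][:8]  # salt ends at the next '$', 8 chars at most
    s = salt.encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    for remaining in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, remaining)])
    n = len(pw)
    while n:  # one byte per bit of the password length
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed 1000-round stretching loop
        rnd = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            rnd.update(s)
        if i % 7:
            rnd.update(pw)
        rnd.update(final if i & 1 else pw)
        final = rnd.digest()
    order = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    body = "".join(_to64(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in order)
    return "$1$" + salt + "$" + body + _to64(final[11], 2)

def salt_for_recheck(stored):
    """Thread's proposal: text between the 2nd and 3rd '$', else first two chars."""
    return stored.split("$")[2] if stored.startswith("$") else stored[:2]

def check_password(candidate, stored):
    """Re-hash the candidate with the salt recovered from the stored hash."""
    return hmac.compare_digest(md5_crypt(candidate, salt_for_recheck(stored)), stored)
```

Passing the whole stored string as the salt, md5_crypt('foo', STORED), gives the same result, because the hash function parses the "$1$salt$" prefix itself. In this implementation the fixed salt '$1' parses to an empty salt, so under that workaround every account is hashed with the same salt.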
This is already fixed, btw

*** This bug has been marked as a duplicate of 85472 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
V.
Status: RESOLVED → VERIFIED
Target Milestone: Bugzilla 2.16 → Bugzilla 2.14
clearing milestone on closed non-FIXED bugs in case they ever get reopened.
Target Milestone: Bugzilla 2.14 → ---
moving to Bugzilla product
reassign to default owner/qa for INVALID/WONTFIX/WORKSFORME/DUPLICATE
Assignee: tara → justdave
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
QA Contact: matty_is_a_geek → default-qa