Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon5.gif   Password Problem, posted by Byron on Fri Apr 4 00:53:00 2003 
    icon2.gif   Re: Password Problem, posted by Stefan Ritt on Fri Apr 4 08:58:16 2003 
       icon2.gif   Re: Password Problem, posted by Byron on Fri Apr 4 19:49:32 2003 
          icon2.gif   Re: Password Problem, posted by Stefan Ritt on Mon Apr 7 22:50:17 2003 
Message ID: 267     Entry time: Fri Apr 4 08:58:16 2003     In reply to: 266     Reply to this: 270
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Bug report  OS:   ELOG Version:  
Subject: Re: Password Problem  
> I noticed that when I put in a password such as <test1> a person can login 
> with the password <test2> or any other number at the end.  Is the 
> encryption not able to tell the difference between numbers?  The encrypted 
> passwords even look the same in the password file.  Is this a bug?

This is really strange. Encryption only works on ASCII characters and does 
not distinguish between letters and digits. When I try to reporoduce that, 
the system distinguishes well between "test1" and "test2". The first gives 
encrypted "dGVzdDE=" and the second gives "dGVzdDI=", note the different "E" 
and "I". So I have no clue right now what is wrong in your installation. If 
running under Linux, you can compile elogd after adding "-DHAVE_CRYPT" and "-
lcrypt" to the Makefile to use the standard Linux crypt() function, but I 
would rather like to understand what is wrong in your case.

- Stefan
ELOG V3.1.5-fe60aaf