Date: Fri, 5 Apr 2002 02:05:22 -0800 (PST) From: Andre Yelistratov <andre@andre.net.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: docs/36782: md5 salt documented as being 16 bytes max length. In reailty it is 8 bytes max length. Message-ID: <200204051005.g35A5Mo33553@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 36782
>Category: docs
>Synopsis: md5 salt documented as being 16 bytes max length. In reailty it is 8 bytes max length.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 05 02:10:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Andre Yelistratov
>Release: 4.5-Stable
>Organization:
Servocomp
>Environment:
FreeBSD andre.servocomp.ru 4.5-STABLE FreeBSD 4.5-STABLE #1: Tue Mar 12 14:28:26 MSK 2002 root@andre.servocomp.ru:/usr/obj/usr/src/sys/ANDRE i386
>Description:
The maximum length of salt in MD5 is hardoded at crypt-md5.c and represents 8 bytes,
contrary to 'man 3 crypt': 'The length of the salt is limited to 16 characters'.
crypt-md5.c:
/* Refine the Salt first */
sp = salt;
[skip]
/* It stops at the first '$', max 8 chars */
for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
continue;
>How-To-Repeat:
call md5 crypt() with any salt longer than 8 chars.
>Fix:
Trivial.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204051005.g35A5Mo33553>