On Sat, 2009-07-11 at 11:14 +1000, Mantrid wrote:
> Problem description: Authentication is successful as long as the
> password provided starts with and contains the entire encrypted
> password, but additional characters are allowed
> ...
> +--------------------------------+---------------+----------------+
> | concat(`mailbox`,'@',`domain`) | password      | clear_password |
> +--------------------------------+---------------+----------------+
> | [email protected]              | qGu7ggIwKRmU. | ClearPass      |
> +--------------------------------+---------------+----------------+
>
> Note: the password hash was derived via <?php
> base64_encode(mhash(MHASH_SHA256, 'HornsbyIT')); ?>
>
No, you haven't used sha256 for that password, see:
$ perl -e "print crypt('HornsbyIT','qG')"
qGu7ggIwKRmU.
Moreover, using crypt DES (versus MD5, SHA or Blowfish) only the first
eight characters are relevant (used to build the key):
$ perl -e "print crypt('HornsbyI','qG')"
qGu7ggIwKRmU.
$ perl -e "print crypt('HornsbyI to be or not to be','qG')"
qGu7ggIwKRmU.
-- Jose Celestino SAPO.pt::Systems http://www.sapo.pt
--------------------------------------------------------------------- *
Progress (n.): The process through which Usenet has evolved from smart
people in front of dumb terminals to dumb people in front of smart
terminals.
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
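
The point made in the reply above can be checked across a whole password column. The following is an added example, not part of the original message or of Courier: it classifies stored hashes by shape, shows that a base64 SHA-256 digest is 44 characters while the stored value has the 13-character traditional DES crypt form, and lists accounts whose scheme only uses the first eight password characters. The account names, the scheme labels and the second sample hash are constructed for illustration.

```python
import base64
import hashlib
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from this alphabet.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MCF_PREFIXES = {"$1$": "md5-crypt", "$2a$": "bcrypt", "$2b$": "bcrypt",
                "$2y$": "bcrypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}

def raw_sha256_b64(password):
    """Equivalent of PHP base64_encode(mhash(MHASH_SHA256, $pw)): 44 chars."""
    digest = hashlib.sha256(password.encode()).digest()
    return base64.b64encode(digest).decode()

def classify(stored):
    """Return (scheme, limit); limit is 8 for DES crypt, None if not modelled."""
    for prefix, name in MCF_PREFIXES.items():
        if stored.startswith(prefix):
            return name, None
    if DES_CRYPT_RE.match(stored):
        return "des-crypt", 8
    try:
        if len(base64.b64decode(stored, validate=True)) == 32:
            return "raw-sha256-base64", None
    except ValueError:
        pass
    return "unknown", None

def equivalent_for_login(stored, a, b):
    """True if the scheme behind `stored` cannot tell passwords a and b apart."""
    _, limit = classify(stored)
    return a == b if limit is None else a[:limit] == b[:limit]

def audit(rows):
    """List (account, scheme, limit) for hashes that truncate the password."""
    found = []
    for account, stored in rows:
        scheme, limit = classify(stored)
        if limit is not None:
            found.append((account, scheme, limit))
    return found

# Constructed rows: account names are placeholders; the first hash is the one
# quoted in the thread, the second is a made-up sha512-crypt-shaped string.
SAMPLE_ROWS = [("user@example.test", "qGu7ggIwKRmU."),
               ("other@example.test", "$6$constructedsalt$constructedhash"),
               ("third@example.test", raw_sha256_b64("HornsbyIT"))]

if __name__ == "__main__":
    for hit in audit(SAMPLE_ROWS):
        print(hit)
```

Accounts reported by `audit` need their hash regenerated with a stronger scheme at the next successful login or password change, since the original password cannot be recovered from the stored value.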
