Jeremy Evans wrote:
> As an aside, crypt("passwd", "$2") returns ":" instead of NULL.  I'm not
> sure if that's a security issue, but I think it is and we should fix it.
> I'll see if I can get a patch for that and send it to tech@.

This is a weird edge case where Niels decided to make bcrypt() work
differently than crypt(). I don't really know why. I think null is the safer
return, and we should probably switch. We don't have code that looks for ":"
(and certainly no third party code ever does), but there is code that checks
for null.
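
An added example, not code from the original thread: a caller-side check that treats both NULL and ":" from a crypt()-style function as failure, so the outcome does not depend on which of the two the library returns. The `crypt_fn` type, the `stub_*` stand-ins and the placeholder hash are constructed for illustration so the block runs without libcrypt.

```c
#include <stddef.h>
#include <string.h>

/* Same shape as crypt(3), so the real function or a stand-in can be passed. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

/* Constructed stand-ins (no real hashing): one per return style. */
char colon_token[] = ":";
char fake_hash[] = "$2b$CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-HASH";
char *stub_colon(const char *k, const char *s) { (void)k; (void)s; return colon_token; }
char *stub_null(const char *k, const char *s) { (void)k; (void)s; return NULL; }
char *stub_fixed(const char *k, const char *s) { (void)k; (void)s; return fake_hash; }

/* A usable hash is non-NULL, non-empty and does not begin with ':' or '*'
 * (':' is the passwd field separator; '*' marks failure in some crypt
 * implementations). */
int crypt_result_ok(const char *r)
{
    return r != NULL && r[0] != '\0' && r[0] != ':' && r[0] != '*';
}

/* Returns 1 only if hasher(password, stored) reproduces stored exactly. */
int verify_password(crypt_fn hasher, const char *password, const char *stored)
{
    if (hasher == NULL || password == NULL || stored == NULL)
        return 0;
    const char *r = hasher(password, stored);
    if (!crypt_result_ok(r))
        return 0;               /* NULL and ":" both end up here */
    size_t n = strlen(stored);
    if (strlen(r) != n)
        return 0;
    unsigned char diff = 0;     /* compare without an early exit */
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)r[i] ^ (unsigned char)stored[i];
    return diff == 0;
}

int main(void)
{
    /* A strcmp()-only caller would accept a stored ":" against a ":" return. */
    int bad = verify_password(stub_colon, "passwd", "$2")
            | verify_password(stub_colon, "passwd", ":")
            | verify_password(stub_null, "passwd", "$2");
    return (bad == 0 && verify_password(stub_fixed, "passwd", fake_hash)) ? 0 : 1;
}
```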
