[cvsnt] des crypt broken

Arkadiusz Miskiewicz arekm at maven.pl
Mon Jun 16 18:50:52 BST 2008


I was recently playing with cvsnt server and noticed that single 
DES encrypted password handling is broken.

Replacing custom implementation of crypt handling with system one
fixed the problem.

Note that md5 hashes were working correctly. Didn't dig into cvsnt own 
ufc_crypt() since system wide crypt() is much better and sane solution for 

Testing was done on linux 2.6/glibc 2.8.
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/

More information about the cvsnt mailing list