> Yet, the auth function in mysqlauth.c uses the password as the salt:
>
> -- snip --
> else if ( strcasecmp(__auth_row[2], "crypt") == 0)
> {
>     trace (TRACE_DEBUG,"auth_validate(): validating using crypt() encryption");
>     is_validated = (strcmp( (const char *) crypt(password, __auth_row[1]),
>                             __auth_row[1]) == 0) ? 1 : 0;
> }
> -- snip --
>
> or am I misreading this?
Nope, that's indeed how it works. The same thing works with md5 hash
passwords, as the first 8 chars are the salt (and the same crypt()
function handles them both).
--
Jesse Norell
[EMAIL PROTECTED] is not my email address;
change "administrator" to my first name.
--
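
An added illustration of the point confirmed in the reply above (not part of the original thread or of the project's code): crypt() reads only the salt prefix of its second argument, so passing the whole stored hash re-uses the original salt. The names `salt_len`, `validate_crypt`, `crypt_fn` and `toy_crypt` are hypothetical, and `toy_crypt` is a constructed stand-in so the sketch builds without libcrypt.

```c
#include <string.h>

typedef char *(*crypt_fn)(const char *key, const char *setting); /* shape of crypt(3) */

/* Length of the salt prefix crypt(3) reads from a stored hash, or 0 if the
 * string is neither traditional DES (2 salt chars, 13 chars total) nor
 * MD5 "$1$salt$hash" (salt of at most 8 chars). */
size_t salt_len(const char *stored)
{
    if (strncmp(stored, "$1$", 3) == 0) {
        size_t n = strcspn(stored + 3, "$");
        return (n <= 8 && stored[3 + n] == '$') ? 3 + n : 0;
    }
    return (stored[0] != '$' && strlen(stored) == 13) ? 2 : 0;
}

/* Same comparison as the quoted check, but rejecting unknown formats and a
 * NULL result (crypt(3) may return NULL on error) before strcmp(). */
int validate_crypt(const char *password, const char *stored, crypt_fn hash)
{
    const char *calc;
    if (salt_len(stored) == 0)
        return 0;
    calc = hash(password, stored);      /* stored hash doubles as the salt */
    return calc != NULL && strcmp(calc, stored) == 0;
}

/* Constructed stand-in for crypt(3), NOT a real hash: copies the salt prefix
 * from `setting` and appends letters derived from a checksum of the key.
 * Pass the real crypt() as `hash` in actual use. */
char *toy_crypt(const char *key, const char *setting)
{
    static char out[40];
    size_t n = salt_len(setting), i, width;
    unsigned sum = 0;
    if (n == 0)
        return NULL;
    for (i = 0; key[i]; i++)
        sum = sum * 31 + (unsigned char)key[i];
    width = (n == 2) ? 11 : 22;         /* hash field widths of the two formats */
    memcpy(out, setting, n);
    if (n > 2)
        out[n++] = '$';
    for (i = 0; i < width; i++, sum = sum * 31 + 7)
        out[n + i] = (char)('a' + sum % 26);
    out[n + width] = '\0';
    return out;
}
```

The result of crypt() lives in a static buffer, so copy a stored value out before calling the hash function again.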