Last time I ran into it, it turned out that for *legitimate* salts,
the linux crypt() was compatible, but for out-of-range ones, there
were differing results.   An easy way to test is to use perl. For
example:

solaris2.4+% perl -e 'print crypt("pass", "ab")."\n"'
abccBcrPOxnLU
solaris2.4+% perl -e 'print crypt("pass", "++")."\n"'
++kT1mYjlikoI
debian1.1+% perl -e 'print crypt("pass", "ab")."\n"'
abccBcrPOxnLU
debian1.1+% perl -e 'print crypt("pass", "++")."\n"'
++1clPVO6npvw

Note that with a salt of "ab" they match, but with a salt of "++" they
don't.  Classic crypt() used 4096 legal salts (":" was obviously out, I
don't recall exactly what range was used.)

If anything, the bug is that the solaris system is generating "out of
range" salt values...

Reply via email to