> > crypt is, in many implementations, only defined on the lower 7 bits
> > of its input; I don't think it would be unreasonable if, say,
> > crypt(v4040.4040,$salt) == crypt("HH", $salt);
> > (You might want to make it 8 bits instead of 7, in case there are
> > 8-bit aware crypt implementations.)
>
> 8 sounds more defensive
It seems that we have no tests for crypt().
I thought of adding some but then remembered that some boxes have
replaced crypt() for hysterical reasons with MD5. I think for example
FreeBSD uses that scheme.
My question is does this really directly affect crypt()? In other
words, will crypt("foo", "xy") return something like
m!\$1\$[0-9a-f]{3,12}\$[0-9a-f]{16}$! (based on quick googling)
This is what I had in mind:
use Test::More tests => 3;
if (crypt("ab", "cd") =~ m!^cd[a-zA-Z0-9/.]{11}$!) {
ok(1, 'traditional: salt plus [a-zA-Z0-9/.]{11}');
} elsif (crypt("ab", "cd") =~ m!\$1[0-9a-f]{3,12}\$[0-9a-f]{16}$!) {
ok(1, 'MD5: $1$salt$hash');
} else {
fail("unknown crypt style');
}
ok(substr(crypt("ab", "cd"), 2) ne substr(crypt("ab", "ce"), 2), "salt has effect");
ok(crypt("HI", "HO") eq crypt(v4040.4041, "HO"), "crypted Unicode");
--
$jhi++; # http://www.iki.fi/jhi/
# There is this special biologist word we use for 'stable'.
# It is 'dead'. -- Jack Cohen
