Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using crypt() from crypt.h

Tags:

c

pointers

cs50

crypt

I am doing the week2 pset for CS50. When using the crypt function, the char pointers which point to the ciphertext of any string always point to the last thing I encrypted. For example: 

char password[] = "AAAA";
char toCrack[] = "AAzz";
printf("%s\n", password);
printf("%s\n", toCrack);

char *toCrackCiph = crypt(toCrack, "da");
char *passwordCiph = crypt(password, "aa");


printf("%s\n", passwordCiph);
printf("%s\n", toCrackCiph);

toCrackCiph and passwordCiph equal each other, even though their strings are not the same, and neither is the salt.

Am I making a simple pointer error somewhere?

Thanks,

like image 859
Zach LeFevre Avatar asked Mar 10 '23 00:03

Zach LeFevre

1 Answers

(I am not familiar with CS50. I am answering this question under the assumption that crypt is the function crypt(3) from the traditional Unix standard C library.)

crypt is a very old function, from the days before anyone worried about thread-safety in C. Every time you call it, it returns the same pointer, pointing to a static buffer inside the C library. Each call overwrites the result of any previous call.

If you print out the result of the first crypt call before calling it again...

#include <stdio.h>
#include <unistd.h>

int 
main(void)
{
    char password[] = "AAAA";
    char toCrack[] = "AAzz";
    printf("%s\n", password);
    printf("%s\n", toCrack);

    char *toCrackCiph = crypt(toCrack, "da");
    printf("%s\n", toCrackCiph);

    char *passwordCiph = crypt(password, "aa");
    printf("%s\n", passwordCiph);
    return 0;
}

... then you will see two different strings. The output on my computer is

AAAA
AAzz
daeBW5vt16USo
aaI8pRQwCn7N2

Since you are using salt strings that request the old DES-based password hash algorithm, you should get the same thing.

This is a classroom exercise, but I must still point out that the old DES-based password hash can be broken by brute force on any modern computer, so it should never be used for real passwords. You can probably get a better algorithm to be used by specifying a different style of salt string, something like "$5$bpKU3bUSQLwX87z/$".

like image 91
zwol Avatar answered Mar 24 '23 01:03

zwol
Sign in to Comment

Related questions

Is there a way to detect, a C-file is compiled directly into an executable?
How to properly use % or * (asterisk) symbols as a placeholder in makefile?
Calling execv after creating a thread
What is the type of (ptr - A[0]) / (sizeof(A[0]) / sizeof(A[0][0]))?
Sort a Linked list using C
char* (Array) cast to unsigned long + 1?
incrementing pointers to multi-dimensional array in C
Memory confusion for strncpy in C
How to convert a numeric string starting with 0 to an octal number
What is the role of this macro in function declaration?
output different elements from two arrays
Should I free memory for a short lived program if memory footprint is not an issue? [closed]
Why can not alloca be used in function argument list?
Type of DBL_MAX
Force GCC to access structs with words
How to model random variables?
Qsort and Comparators weird behaviour. C
addref and release in IUnknown, what do they actually do?
Makefile - How to hide "no such file or directory" errors while cleaning?
C Convert a Short Int to Unsigned Short

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!