What hash function?



  • While I don't really speak perl, I was trying to fix a minor bug in our long term archives management utility. This function, found deep in the encryption system, made my blood run cold.

    #
    # Create and return a password.
    # Parms:    Seed (number or string)
    #           Number of chars in password
    # Return:   String of random characters
    sub makePassword($;$) {
        my $seed = shift;
        my $length = shift;
        my ($pascode, $code, $range, @chars);
        if (not $length) {
            $length = 8;
        }
        @chars = (('a'..'z'),('A'..'Z'),(0..9));        # Select from these
        $range = scalar(@chars);                         # Count of characters
        $pascode = '';                                   # Clear the password
        $seed =~ tr/[A-Za-z]/[0-90-90-50-90-90-5]/;      # Change letters to numbers
        srand($seed);                                    # Password based on volume id
        while (length($pascode) < $length) {
            $code = int(rand($range));                   # Select a character
            if ($code >= 0 && $code <= $range) {
                $pascode .= $chars[$code];               # Add it to the code
            }
        }
        return $pascode;
    }


    Now I'm curious, how deep does this rabbit hole go?

    printf("%s\n", makePassword("012345") );
    • Windows98: oKWPlSZk (heh TrWTF, this is the utility's native system)
    • OpenBSD 5.1: n4mST4v1


  • Ouch.  As a nice side effect, by calling srand it clobbers the global random seed, making any random numbers generated after calling it depend only on its input.  That'll be a nice surprise for someone.
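The first post shows a "password" that is a pure function of the volume id, and the reply points out the srand() side effect. As an added Python example (not code from the thread or from the utility), this re-creates the tr/// letter-to-digit mapping and the seeding step to show how different seeds collide and how the global PRNG is left predictable, next to a CSPRNG-based replacement. Python's Mersenne Twister stands in for Perl's rand(), so the generated characters differ from the outputs posted above; the structural weakness is the same.

```python
import random
import re
import secrets
import string

# Same 62-character alphabet as the Perl makePassword: a-z, A-Z, 0-9.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits

# The Perl tr/// in the post maps A-J, K-T and U-Z (and the lower-case
# equivalents) onto 0-9, 0-9 and 0-5, so 52 letters collapse onto 10 digits.
_TR_TABLE = str.maketrans(string.ascii_uppercase + string.ascii_lowercase,
                          ("0123456789" * 2 + "012345") * 2)


def seed_to_number(seed: str) -> int:
    """Reproduce what srand() actually receives: letters become digits, then the
    string is numified the Perl way (leading digits only, anything else gives 0)."""
    digits = seed.translate(_TR_TABLE)
    match = re.match(r"\s*(\d+)", digits)
    return int(match.group(1)) if match else 0


def make_password(seed: str, length: int = 8) -> str:
    """Deterministic re-creation of the posted logic (Python's PRNG, so the
    characters differ from Perl's; the weakness is identical).
    random.seed() here is global: every later random.* call becomes predictable."""
    random.seed(seed_to_number(seed))
    return "".join(ALPHABET[random.randrange(len(ALPHABET))] for _ in range(length))


def draw_after_password(seed: str) -> float:
    """The side effect from the reply: a value drawn from the global PRNG after
    make_password() depends only on the seed, not on any real randomness."""
    make_password(seed)
    return random.random()


def make_password_safely(length: int = 8) -> str:
    """The fix: draw from the OS CSPRNG; no seed, nothing to reproduce or clobber."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample seeds; "Abc", "Klm" and "Uvw" all become srand(12).
    for s in ("012345", "12345", "Abc", "Klm", "Uvw", "ABC-123"):
        print(f"{s!r:10} -> srand({seed_to_number(s)}) -> {make_password(s)}")
    print("safe:", make_password_safely())
```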
