What hash function?
While I don't really speak Perl, I was trying to fix a minor bug in our long-term archives management utility. This function, found deep in the encryption system, made my blood run cold.
```perl
#
# Create and return a password.
# Parms: Seed (number or string)
#        Number of chars in password
# Return: String of random characters
sub makePassword($;$) {
    my $seed = shift;
    my $length = shift;
    my ($pascode, $code, $range, @chars);
    if (not $length) { $length = 8; }
    @chars = (('a'..'z'),('A'..'Z'),(0..9));  # Select from these
    $range = scalar(@chars);  # Count of characters
    $pascode = '';  # Clear the password
    $seed =~ tr/[A-Za-z]/[0-90-90-50-90-90-5]/;  # Change letters to numbers
    srand($seed);  # Password based on volume id
    while (length($pascode) < $length) {
        $code = int(rand($range));  # Select a character
        if ($code >= 0 && $code <= $range) {
            $pascode .= $chars[$code];  # Add it to the code
        }
    }
    return $pascode;
}
```
Now I'm curious, how deep does this rabbit hole go?
```perl
printf("%s\n", makePassword("012345") );
```
- Windows98: oKWPlSZk (heh TrWTF, this is the utility's native system)
- OpenBSD 5.1: n4mST4v1
Ouch. As a nice side effect, by calling srand it clobbers the global random seed, making any random numbers generated after calling it depend only on its input. That'll be a nice surprise for someone.
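
An added example, not code from the original post or from the utility: one way to derive a repeatable password from a volume id without `srand`/`rand`, so the result is identical on every platform and the global random state is left alone. It assumes the password must be re-derivable from the volume id and that a secret key is available; `derive_password`, the key value and the sample length are hypothetical.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);   # core module

# Derive a password from a secret key and a volume id.
# Deterministic for the same inputs, independent of the platform's
# rand() implementation, and never calls srand().
sub derive_password {
    my ($key, $volume_id, $length) = @_;
    $length ||= 8;
    my @chars = ('a'..'z', 'A'..'Z', 0..9);

    # Reject bytes >= 248 so that ($byte % 62) is uniformly distributed.
    my $limit = 256 - (256 % @chars);

    my ($password, $counter) = ('', 0);
    while (length($password) < $length) {
        # HMAC-SHA256 over counter || volume id gives a keyed byte stream.
        my $block = hmac_sha256(pack('N', $counter++) . $volume_id, $key);
        for my $byte (unpack('C*', $block)) {
            next if $byte >= $limit;
            $password .= $chars[$byte % @chars];
            last if length($password) == $length;
        }
    }
    return $password;
}

# Constructed sample values: the key is a placeholder, not a real secret.
my $key = 'placeholder-secret-from-key-store';
printf("%s\n", derive_password($key, '012345', 16));
```

Without the key, knowing the volume id is no longer enough to reproduce the password, which is not true of the `srand($seed)` version.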