Subject: bin/26779: pwhash(1) SHA1 feature displays incorrect hash
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <jeffi@rcn.com>
List: netbsd-bugs
Date: 08/28/2004 03:10:46
>Number:         26779
>Category:       bin
>Synopsis:       pwhash(1) SHA1 feature displays incorrect hash
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Aug 28 03:11:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jeff Ito
>Release:        NetBSD 2.0G
>Organization:
>Environment:
NetBSD netbsd 2.0G NetBSD 2.0G (LAB) #13: Fri Aug  6 12:31:55 EDT 2004
>Description:
pwhash incorrectly displays SHA1 hashed strings

The commit that added this feature suggests the correct output is:
$<tag>$<iterations>$<salt>$<digest>

This is not what is output

>How-To-Repeat:
{809} pwhash -S 10 test
HOVJUheRqd422

after below patch:

{813} pwhash -S 10 test
$sha1$9$uPCSKCDn$MDLEk1LHvIXpt2CUDSHMjOCC/led
>Fix:


Index: pwhash.c
===================================================================
RCS file: /cvsroot/src/usr.bin/pwhash/pwhash.c,v
retrieving revision 1.6
diff -u -r1.6 pwhash.c
--- pwhash.c    2 Jul 2004 00:05:23 -0000       1.6
+++ pwhash.c    28 Aug 2004 03:07:02 -0000
@@ -125,6 +125,7 @@
                        __crypt_to64(&buffer[n + 4], arc4random(), 4);
                        buffer[n + 8] = '$';
                        buffer[n + 9] = '\0';
+                       salt = buffer;
                }
                break;
        case DO_BLF:

>Release-Note:
>Audit-Trail:
>Unformatted: