Using crypt()
Eric Eden
erice at internic.net
Thu Apr 4 19:46:24 PST 1996
I'm testing a encryption program that includes use of crypt().
(I know its not the strongest scheme.) Here's the problem:
We ask users to e-mail us an encrypted password derived form the
crypt() utility when they set up an account. When they want to
change information related to the account, we ask them to e-mail the
cleartext of the encrypted password. The program then checks to see
if the cleartext matches the original encrypted password. If so, their
information is automatically updated.
The only problem is when users mistakenly supply cleartext initially,
they can never update their information because the program isn't
smart enough to realize that the user was submitting cleartext instead
of an encrypted password when setting up their account.
Is there any way to check and see if the text the user
supplies initially has been encrypted or is cleartext?
Or is there a better way to do this?
The account does not contain financial information, otherwise a
stronger scheme would be required. Right now the program allows the
user to choose from the auth schemes MAIL-FROM, CYPT-PW or PGP.
Any hints would be appreciated.
Eric
More information about the cypherpunks-legacy
mailing list