[Gas] help on AuthManager DES fix
Brandon Bowersox
brandon at ojctech.com
Sat May 29 16:56:41 CDT 2004
I committed the AuthManager.pm fix to switch from Des.pm to Crypt::DES.
However, I broke it and now I don't understand how. Any thoughts?
The patch I'd emailed was a fix for version 1.16, but it turned out
in CVS AuthManager.pm was up to version 1.19. So I applied the fix
and committed it as AuthManager.pm 1.20. But 1.20 fails as below.
It appears that we make_cookie OK by calling nwis_crypt, then we give
the browser the cookie, the browser gives the same cookie back, but
when we crack_cookie the plaintext we get back has junk at the end!
Here are 4 debugs from the 4 important method calls.
nwis_crypt text [brandon:10.2.2.211:1085867181] returns [J-LEsHqnSfjdCqfQiemmeAiW.hyD08bCMH.0oNt5hvJX.,]
make_cookie login [brandon] host [10.2.2.211] time [1085867181] cookie [J-LEsHqnSfjdCqfQiemmeAiW.hyD08bCMH.0oNt5hvJX.,]
nwis_decrypt return [J-LEsHqnSfjdCqfQiemmeAiW.hyD08bCMH.0oNt5hvJX.,] ... ...gives [brandon:10.2.2.211:1085867181 -[!!".!!]
crack_cookie login [brandon] host [10.2.2.211] time [1085867181 -[!!".!!] cookie [J-LEsHqnSfjdCqfQiemmeAiW.hyD08bCMH.0oNt5hvJX.,]
Any ideas? I want to fix or revert soon so CVS doesn't have a broken
version.
Brandon
More information about the Gas
mailing list