Basic auth not working 100%

On one of my boxes I noticed that if the password is only half the string it will authenticate.

Should be:

Username: tester

Pass: ThisPassword1234#&^

But the following authenticates:

Username: tester

Pass: ThisPassword

Can anyone confirm this behavior?

On Wed, Apr 7, 2010 at 7:33 PM, AMP Admin wrote:

On one of my boxes I noticed that if the password is only half the string it
will authenticate.
Should be:
Username: tester
Pass: ThisPassword1234#&^
But the following authenticates:
Username: tester
Pass: ThisPassword
Can anyone confirm this behavior?

ThisPass will also authenticate - crypt() uses only the first 8 symbols of
the password.


Boris D…

Yeps that’s a shortcoming of crypt(). One way to go around it is to use an 8 char password, but a pretty random string (the “password”) as the username ;)

Ray.

On Sat, Apr 10, 2010 at 10:33 PM, AMP Admin wrote:

is there a way to make it longer?

bcrypt ($2a$…) passwords can be used - on FreeBSD, at least.


O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
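
An added example, not part of the thread and not nginx's own code: a Python audit that flags password-file entries stored as traditional DES crypt(), the format discussed above that ignores everything past the first 8 password characters. The 13-character pattern, the prefix list and the sample file are assumptions of this example, and the sample hashes are constructed placeholders.

```python
import re

# Traditional DES crypt(): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
# Only the first 8 password characters are hashed; the rest are ignored.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# Prefixes of schemes that do not cut the password off at 8 characters.
PREFIXES = (
    ("$2a$", "bcrypt"), ("$2b$", "bcrypt"), ("$2y$", "bcrypt"),
    ("$apr1$", "apr1-md5"), ("$1$", "md5-crypt"),
    ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt"),
    ("{SHA}", "sha1-base64"), ("{SSHA}", "salted-sha1"),
)

def classify(hash_field):
    """Return the scheme name for one hash field of a user:hash line."""
    for prefix, name in PREFIXES:
        if hash_field.startswith(prefix):
            return name
    if DES_CRYPT.fullmatch(hash_field):
        return "des-crypt"
    return "unknown"

def audit(htpasswd_text):
    """Return (line_no, user, scheme) for entries that need attention."""
    findings = []
    for line_no, line in enumerate(htpasswd_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        # A third ":"-separated field is treated as a comment and ignored.
        scheme = classify(rest.split(":", 1)[0])
        if scheme in ("des-crypt", "unknown"):
            findings.append((line_no, user, scheme))
    return findings

# Constructed sample file; the hash values are placeholders, not real hashes.
SAMPLE = """\
# constructed example
tester:abJnggxhB/yJo
alice:$2a$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
bob:$apr1$saltsalt$0123456789abcdefghijkl:web team
"""

if __name__ == "__main__":
    for line_no, user, scheme in audit(SAMPLE):
        print(f"line {line_no}: user {user!r} uses {scheme}")
```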