Project

General

Profile

Feature #4042

String#crypt shoud not accepted "\x00" as a salt.

Added by phasis68 (Heesob Park) about 7 years ago. Updated over 6 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
[ruby-core:33136]

Description

=begin
I noticed if the salt contains non ascii value, the result is platform dependant.
Especially, the salt start with "\x00", the result is empty string on Linux.

On Linux,
ruby 1.9.3dev (2010-11-04 trunk 29682) [i686-linux]
irb(main):001:0> "foo".crypt("\x00\x00")
=> ""
irb(main):002:0> "foo".crypt("\x00\x01")
=> ""
irb(main):003:0> "foo".crypt("\x01\x00")
=> "\x01\x01Rqd3mnMHSeY"
irb(main):004:0> "foo".crypt("\x01\x01")
=> "\x01\x01EV3MX6qznTs"
irb(main):005:0> "foo".crypt("ab")
=> "abQ9KY.KfrYrc"

On Windows,
ruby 1.9.3dev (2010-11-09 trunk 29737) [i386-mswin32_90]
irb(main):001:0> "foo".crypt("\x00\x00")
=> "..XXIp7/c78Qo"
irb(main):002:0> "foo".crypt("\x00\x01")
=> ".\x01XXIp7/c78Qo"
irb(main):003:0> "foo".crypt("\x01\x00")
=> "\x01.XXIp7/c78Qo"
irb(main):004:0> "foo".crypt("\x01\x01")
=> "\x01\x01XXIp7/c78Qo"
irb(main):005:0> "foo".crypt('ab')
=> "abQ9KY.KfrYrc"

I think that String#crypt shoud raise ArgError if "\x00" used as a salt.
=end


Related issues

Related to Ruby trunk - Bug #466: test_str_crypt(TestM17NComb) failedClosed2008-08-21

History

#1 Updated by naruse (Yui NARUSE) about 7 years ago

  • Status changed from Open to Rejected

=begin
String#crypt is the wrapper of crypt(3).
POSIX says crypt(3)'s algorithm is implementation-defined.
http://www.opengroup.org/onlinepubs/9699919799/functions/crypt.html
So your expectation, some of String#crypt's behavior is platform-independent, is wrong.

Moreover new applications should use digests.
=end

Also available in: Atom PDF