Crypt program choking - need help.

liguorir · 05-10-2004, 06:53 PM

-------------------------------------------------------------------------
I need some advise on crypt.

Belisarius · 05-10-2004, 07:01 PM

Sorry, I'm not enough of an expert to debug your problem, but I would like to ask another question. Why are you using crypt instead of something like md5?

liguorir · 05-10-2004, 07:13 PM

Thanks for the help.

Belisarius · 05-10-2004, 07:23 PM

crypt is an old one-way encryption algorithmn. MD5 is suppose to be superior, fewer collisions and what not. I see it used a lot more often than crypt now adays.

liguorir · 05-23-2004, 01:02 AM

I got it, thanks!

joe_bruin · 05-23-2004, 03:12 AM

Quote:

Originally posted by liguorir

Code:

// Determines random range to use int range = ( 1+(int) (3.0*rand()/(RAND_MAX+1.0)) );

what is this nonsense? if you're trying to generate a number between 1 and 3, this is a terrible way to do it. try this instead:

Code:

int range = 1 + (rand() % 3);

liguorir · 05-23-2004, 03:37 PM

But your solution does sound good to me!

Thanks.

joe_bruin · 05-23-2004, 04:02 PM

that is ancient history, and does not hold true for any modern system. man rand sayeth:

Code:

NOTES
       The  versions of rand() and srand() in the Linux C Library
       use the same random number generator as random() and sran_
       dom(),  so the lower-order bits should be as random as the
       higher-order bits.  However, on older  rand()  implementa_
       tions,  the lower-order bits are much less random than the
       higher-order bits.

       In Numerical Recipes in C: The Art of Scientific Computing
       (William  H.  Press, Brian P. Flannery, Saul A. Teukolsky,
       William T.  Vetterling;  New  York:  Cambridge  University
       Press, 1992 (2nd ed., p. 277)), the following comments are
       made:
              "If you want to generate a random integer between 1
              and 10, you should always do it by using high-order
              bits, as in

                     j=1+(int) (10.0*rand()/(RAND_MAX+1.0));

              and never by anything resembling

                     j=1+(rand() % 10);

              (which uses lower-order bits)."

besides, if you were worried about real random values, you would use the entropy gathering random device or a real random number generator (like those found on most processors) instead of rand(), and you would not have an implemetation that seems to favor numbers (one out of 3 values for your seed will be a number, even though numbers make up only 16% of the textspace).

liguorir · 05-23-2004, 04:13 PM

Joe,

Thanks for the advise.

Do you know the complete range of valid characters for salt/crypt?

I haven't been able to find it.

joe_bruin · 05-23-2004, 04:46 PM

salt is a two-character string chosen from the set [a-zA-Z0-9./].

my point was that picking 1-3(upper, lower, or digit) and then picking the character/digit, gives you a 1 in 3 chance that you'll pick a digit (while there are 52 characters and only 10 digits).

liguorir · 05-23-2004, 04:56 PM

I see now thanks,

Another question...

What are the values for ./ ( or is there an extended range? )

Note: http://www.asciitable.com/

Is it just 46 and 47?

And what do you advise to implement to have an equally distributed random production of valid characters?

Thanks,

Robert

joe_bruin · 05-23-2004, 05:33 PM

Code:

char *values = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./"

mod = strlen(values);
for(i = 0; i < 2: i++) salt[i] = values[rand() % mod];

for some reason this message board decided to insert a space between my the quote and the value zero in the first line, and i can't seem to get rid of it. it should not be there.

liguorir · 05-23-2004, 05:49 PM

Got it.

liguorir · 05-23-2004, 05:57 PM

Works great... thank!