Steven Shiau
2005-Oct-04 02:25 UTC
[syslinux] Some passwords failed in simple menu (menu.c32) - Part II
[Forgot to mail to the mailing list, do it now.] Hi HPA: As we post in http://syslinux.zytor.com/archives/2005-September/005894.html Some passwords failed in simple menu (menu.c32) in syslinux 3.11. Recently we tried more, and we found more: fat, matt, wayne, bear, new or 54321 all fail. All the method is the same as we described in http://syslinux.zytor.com/archives/2005-September/005894.html Thanks. Regards, Steven. -- Steven Shiau
H. Peter Anvin
2005-Oct-04 04:18 UTC
[syslinux] Some passwords failed in simple menu (menu.c32) - Part II
Steven Shiau wrote:> [Forgot to mail to the mailing list, do it now.] > Hi HPA: > As we post in > http://syslinux.zytor.com/archives/2005-September/005894.html > Some passwords failed in simple menu (menu.c32) in syslinux 3.11. > Recently we tried more, and we found more: > fat, matt, wayne, bear, new or 54321 all fail. > All the method is the same as we described in > http://syslinux.zytor.com/archives/2005-September/005894.html >Are you using the same seed for all of them (I think you used "x" as the seed in the previous email)? Is there any commonality, e.g. that the encoded password contains, say, slashes? -hpa
H. Peter Anvin
2005-Oct-04 04:44 UTC
[syslinux] Some passwords failed in simple menu (menu.c32) - Part II
H. Peter Anvin wrote:> Steven Shiau wrote: > >> [Forgot to mail to the mailing list, do it now.] >> Hi HPA: >> As we post in >> http://syslinux.zytor.com/archives/2005-September/005894.html >> Some passwords failed in simple menu (menu.c32) in syslinux 3.11. >> Recently we tried more, and we found more: >> fat, matt, wayne, bear, new or 54321 all fail. >> All the method is the same as we described in >> http://syslinux.zytor.com/archives/2005-September/005894.html >> > > Are you using the same seed for all of them (I think you used "x" as the > seed in the previous email)? Is there any commonality, e.g. that the > encoded password contains, say, slashes? >Problem found: the base64 decoder handles plus signs incorrectly. A fix has been pushed out as syslinux-3.20-pre3, or you can generate passwords with different salts until you get ones without plus signs in the encoding. In general, you should *NOT* specify the salt, but let the program pick a random one. -hpa
Steven Shiau
2005-Oct-04 09:39 UTC
[syslinux] Some passwords failed in simple menu (menu.c32) - Part II
Hi HPA: Got it, and now it works. Appreciate that. Steven. H. Peter Anvin wrote:> H. Peter Anvin wrote: > >> Steven Shiau wrote: >> >>> [Forgot to mail to the mailing list, do it now.] >>> Hi HPA: >>> As we post in >>> http://syslinux.zytor.com/archives/2005-September/005894.html >>> Some passwords failed in simple menu (menu.c32) in syslinux 3.11. >>> Recently we tried more, and we found more: >>> fat, matt, wayne, bear, new or 54321 all fail. >>> All the method is the same as we described in >>> http://syslinux.zytor.com/archives/2005-September/005894.html >>> >> >> Are you using the same seed for all of them (I think you used "x" as >> the seed in the previous email)? Is there any commonality, e.g. that >> the encoded password contains, say, slashes? >> > > Problem found: the base64 decoder handles plus signs incorrectly. A fix > has been pushed out as syslinux-3.20-pre3, or you can generate passwords > with different salts until you get ones without plus signs in the encoding. > > In general, you should *NOT* specify the salt, but let the program pick > a random one. > > -hpa >-- Say YES to Openoffice.org (www.openoffice.org, openoffice.nchc.org.tw). Please AVOID distributing documents in WORD, EXCEL or POWERPOINT format. [Chinese Big5] ?????WORD, EXCEL ?? POWERPOINT?????. See http://www.fsf.org/philosophy/no-word-attachments.html and http://people.ofset.org/~ckhung/a/c041.php ----------------------------------------------------------------------------- Steven Shiau [Chinese Big5] ??? NCHC [Chinese Big5] ??????????? E-mail: steven _at_ nchc org tw; steven _at_ stick idv tw
H. Peter Anvin
2005-Oct-05 03:10 UTC
[syslinux] Some passwords failed in simple menu (menu.c32) - Part II
>> >> Problem found: the base64 decoder handles plus signs incorrectly. A >> fix has been pushed out as syslinux-3.20-pre3, or you can generate >> passwords with different salts until you get ones without plus signs >> in the encoding. >>I should have pointed out that another option is to change any + signs to a - sign; that will work with both the old and new code: sha1pass blah | tr + - -hpa