Re: Bug#714219: [Debian #714219] libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software
On Tue, Jul 2, 2013 at 12:52 PM, Alexandre Oliva <aoliva@redhat.com> wrote:
> At this point, I'd rather we took the opportunity to fix code that makes
> unsafe assumptions about the behavior of crypt than push the problem on
> for users to figure out when a glibc upgrade causes passwords to fail to
> be recognized because the salt suggests the use of a different,
> newly-recognized encryption algorithm.
Fully agreed.
> This is my current rationale for the current implementation, after two
> rounds of discussion on its merits. I must admit I'm not comfortable
> with the change that was made to out-of-alphabet DES salt, but ATM I'm
> even less comfortable with the alternatives. I didn't always favor the
> current situation, and that might change again depending on arguments I
> get. But then, I don't have the final word on any of this ;-)
>
> So, if the rationale above doesn't make you as (un)happy as I am about
> the current state of crypt in glibc, please bring forth your
> counterarguments and let's see if we can all come to a sensible
> agreement.
Exactly.
Cheers,
Carlos.