[3835] in Athena Bugs
Re: suggestion: /usr/bin/crypt
daemon@ATHENA.MIT.EDU (probe@ATHENA.MIT.EDU)
Fri Dec 15 21:46:20 1989
From: probe@ATHENA.MIT.EDU
Date: Fri, 15 Dec 89 21:45:20 -0500
To: treese@CRL.DEC.COM
Cc: athena-ws@ATHENA.MIT.EDU, bugs@ATHENA.MIT.EDU
In-Reply-To: Win Treese's message of Fri, 15 Dec 89 21:15:10 EST,
Reply-To: Richard Basch <probe@ATHENA.MIT.EDU>
(The only reason why this one is being cc'd to bugs is that the code-fix
is actually included).
--- original message follows---
Date: Fri, 15 Dec 89 21:15:10 EST
From: Win Treese <treese@CRL.DEC.COM>
/usr/local/bin/crypt (emulation is not precise, but you get the idea).
Much easier than mucking with C code.
- Win
#!/bin/sh
echo -n "Password: "
stty -echo
read x
stty echo
echo -n "Password: "
stty -echo
read y
stty echo
if [ $x != $y ]; then
echo Password mismatch -- try again
fi
/usr/bin/crypt $x < $1 > $2
--- end of original message ---
The C-code wouldn't be too difficult to write either, and it would
preserve the exact I/O semantics.
if (argc != 2){
setup(getpass("Enter key:"));
}
else
setup(argv[1]);
could easily be changed to:
#define MAXPWLEN 128
char pass1[MAXPWLEN];
if (argc != 2) {
(void)strncpy(pass1,getpass("Enter key:"),MAXPWLEN);
if (strncmp(pass1,
getpass("Enter key again for verification:"),
MAXPWLEN)) {
fprintf("crypt: password mismatch\n");
exit(1);
} else
setup(pass1);
}
else
setup(argv[1]);
The main question is what is the best method for dealing with
verification. My personal opinion is that typing the password twice
should be done, and that a command line argument can be specified so
that it only asks once (for the benefit of decrypting easily without
having to type a hard key twice). [The change for this would be to
change:
if (strncmp(pass1,
to:
if (!askonce && strncmp(pass1,
and to add a little code for setting the "askonce" variable.
Comments?
-Richard
