Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!aplcen!uakari.primate.wisc.edu!zaphod.mps.ohio-state.edu!rpi!uupsi!sunic!dkuug!freja.diku.dk!kimcm
From: kimcm@diku.dk (Kim Christian Madsen)
Newsgroups: comp.unix.wizards
Subject: Re: How to acknowledge a Password for a Daemon point of view ?
Keywords: password dameon
Message-ID: <1990Aug26.230608.14724@diku.dk>
Date: 26 Aug 90 23:06:08 GMT
References: <1990Aug24.172402.21947@dg13.cec.be> <1990Aug25.025441.18302@diku.dk> <1990Aug25.145146.10570@mp.cs.niu.edu>
Organization: Department Of Computer Science, University Of Copenhagen
Lines: 33

rickert@mp.cs.niu.edu (Neil Rickert) writes:

>In article <1990Aug25.025441.18302@diku.dk> I wrote:
>>1) Read the encrypted password from the password file and store it in
>>   a variable, store the user typed password in another variable and
>>   use the function below:
>>
>>	int authenticate(crypt_pw,typed_pw)
>>	char	*crypt_pw, *typed_pw;
>>	{
>>		char		salt[2];
>>		extern char	*crypt();
>>	
>>		(void) strncpy(salt,crypt_pw,2);
>>		return(strcmp(crypt_pw,crypt(typed_pw,salt)) == 0);
>>	}
> What is wrong with skipping 'salt[2]' and the strncpy, and using:
>		return(strcmp(crypt_pw,crypt(typed_pw,crypt_pw)) == 0);

Well, nothing is wrong with skipping the salt, except that I find your
solution confusing if you compare it with the manual entry for
crypt(3C) and the formal parameter declaration of crypt(). Granted, my
solution uses an extra function call, the strncpy(), and two extra
bytes on the stack, but if tight optimizing or conservation of stack
usage isn't called for I prefer to use more describing/understanable
code, instead of rigid optimized code. Incidently I think the most
terse code will result from:

	return(!strcmp(crypt_pw,crypt(typed_pw,crypt_pw)));

					As Always, Best Regards
					Kim Chr. Madsen
					kimcm@diku.dk