Friday, February 15, 2008

Don't try this at work

A friend sent me the following code, meant to do simple string comparison for a standard password changing dialog:





// Fragment of a password-change dialog handler. It folds the text in buf into
// an integer, compares that with the value parsed from g_config.m_pPassword,
// and repeats the fold for the new password and its confirmation.
// The lines that first fill buf with the old password are not shown here.
//
// NOTE(review): the fold is an XOR/shift checksum, not a password hash. The
// stored verifier is 8 hex digits ("%08X") with no salt, so many different
// passwords map to the same value and the whole space can be enumerated.
// A stored password verifier should come from a salted, deliberately slow
// KDF (PBKDF2, bcrypt, scrypt, Argon2).
// NOTE(review): the declaration below has no terminating ';' as shown.
char buf[256]



// Fold the old password into test_pass.
test_pass = 0;
// strlen(buf) sits in the loop condition, so it is re-evaluated on every pass.
for (i = 0; i < strlen(buf); ++i)
{
// buf[i] is plain char: where char is signed, bytes >= 0x80 sign-extend in
// this cast and set the upper bits before the shift.
test_pass ^= (unsigned long)buf[i] << (i%4)*8;
// NOTE(review): an operator is missing between the two shift expressions, so
// this line does not compile as shown; presumably '|' (a rotate) - confirm.
// When i%4 == 0 the right-shift count is 32, which is undefined behaviour if
// test_pass is 32 bits wide (its declaration is not shown).
test_pass = test_pass << (i%4)*8 test_pass >> (32 - (i%4)*8);
}

// Parse the stored verifier as hex. The return value is not checked, so if the
// config string is not valid hex old_pass keeps whatever it held before.
// NOTE(review): %X expects an unsigned int *; old_pass's type is not shown.
sscanf(g_config.m_pPassword, "%08X", &old_pass);
// Only the matching case is handled; no else branch for a wrong old password
// is visible in this fragment.
if (test_pass == old_pass)
{
// Get new password (at most 255 characters, which fits the 256-byte buf)
GetDlgItemText(IDC_EDIT_NEW_PASS, buf, 255);

// Same fold as above, repeated inline for the new password.
test_pass = 0;
for (i = 0; i < strlen(buf); ++i)
{
test_pass ^= (unsigned long)buf[i] << (i%4)*8;
// Same missing operator and shift-by-32 concern as in the first loop.
test_pass = test_pass << (i%4)*8 test_pass >> (32 - (i%4)*8);
}

// Check confirmation: read the second entry into the same buffer
GetDlgItemText(IDC_EDIT_NEW_PASS2, buf, 255);

// Third copy of the fold, this time into test_pass2.
test_pass2 = 0;
for (i = 0; i < strlen(buf); ++i)
{
test_pass2 ^= (unsigned long)buf[i] << (i%4)*8;
// Same missing operator and shift-by-32 concern as in the first loop.
test_pass2 = test_pass2 << (i%4)*8 test_pass2 >> (32 - (i%4)*8);
}

// The two entries are compared by checksum, not as strings, so two different
// inputs that collide under the fold are accepted as a matching confirmation.
if (test_pass != test_pass2)

{
MsgBox(".....");
// NOTE(review): spelled "EndDailog" and missing its ';' as shown. No return is
// visible inside these braces, so on a mismatch control appears to continue
// to the sprintf below - confirm against the full handler.
EndDailog(1)

}
// NOTE(review): "%08" has no conversion specifier, so this format string is
// invalid; the matching read above uses "%08X". sprintf is also unbounded;
// snprintf(buf, sizeof buf, ...) would bound the write. What is done with buf
// afterwards is not shown.
sprintf(buf,"%08",test_pass);
}
