08:16 <Guest867> I didn't have a chance to work on it yesterday. Only had a little time this morning. I suspect that this solution will break if -lcrypt version changes. But it works on OpenBSD.

08:16 <Guest867> I'm not quite sure why it works only like this, with calling the exe itself. I had to compile picolisp with -lcrypt option. Otherwise picolisp again complains about Bad Ffi, even if I gave him full path to library.

08:16 <Guest867> lap1$ vi pil21/src/Makefile

08:16 <Guest867> MAIN = -rdynamic -lc -lutil -lm -lereadline -L/usr/local/lib -lffi -lncursesw -Wl,-z,nobtcfi -lcrypt

08:16 <Guest867> lap1$ cat pil21/lib/adm.l

08:16 <Guest867> # 30dec24 Software Lab. Alexander Burger

08:16 <Guest867> # *Salt *Login *Users *Perms

08:16 <Guest867> (de PASSWORD_LEN . 128)

08:16 <Guest867> (de passwd (Pass)

08:16 <Guest867>    (buf Ptr PASSWORD_LEN

08:16 <Guest867>       (setq Ret (%@ "crypt_newhash" 'I Pass "bcrypt,a" Ptr PASSWORD_LEN)) # -lcrypt !!!

08:16 <Guest867>       (ifn (=0 Ret)

08:16 <Guest867>          (quit "crypt_newhash")

08:16 <Guest867>          (struct Ptr 'S))))

08:16 <Guest867> (de auth (Nm Pw Cls)

08:16 <Guest867>    (with (db 'nm (or Cls '+User) Nm)

08:16 <Guest867>       (and

08:16 <Guest867>          (: pw 0)

08:19 <abu[7]> I see. So a simple 'native' call is different? I ses no reason why it should be so ...

08:21 <Guest867> Looks like it. I'll try to dig into it today

08:22 <abu[7]> OK

08:23 <abu[7]> nasty stuff :)

08:24 <Guest867> That's how we learn! :)

08:24 <abu[7]> true

08:33 <Guest867> Just wild guess. May be OpenBSD somehow protects me from loading external libs at runtime. All those pledge and unveil. Just how to test this hypothesis?

08:34 <abu[7]> This would be a permission issue? I cannot really imagine.

08:36 <abu[7]> I suspect the problem to be sure to really access the right *.so file

08:38 <abu[7]> -lcrypt vs. LD_LIBRARY_PATH

08:38 <Guest867> yes and yes and yes. Now I have an idea how to test it.

08:38 <abu[7]> It is confusing that there are so many crypt libraries

08:39 <Guest867> sure is

13:48 <taleon> " echo '<form id="vorlagen_form" onsubmit="return questionAndAction(dynamicPopupText, \'document.forms[\\\'vorlagen_form\\\'].submit();\');" action="?location=mission&amp;mid=' . $this->id . '" method="post"><br /><br /><div class="flex-box flex-row"><div class="flex-item light">';

13:48 <taleon> Woops

13:49 <abu[7]> ;)

13:50 <taleon> Pledge and unveil shouln't be a problem. PicoLisp wasn't compiled with these syscalls.

13:54 <taleon> However, wxallowed is missing from the file system permissions for $HOME. By default, /usr/local is the only file system with wxallowed. Copy your picolisp code somewhere under /usr local and then test again to see if it works.

13:56 <taleon> Most programs on OpenBSD aren't allowed to map memory with Write AND Execution bit at the same time (W^X means Write XOR Exec), this can prevents an interpreter to have its memory modified and executed. Some packages aren't compliant to this and must be linked with a specific library to bypass this restriction AND must be run from a partition with the "wxallowed" option.

13:56 <taleon> However, I have no idea whether that is really the problem here.

16:58 <Guest867> I still didn't dig into picolisp's native calls -lcrypt vs. LD_LIBRARY_PATH.

16:58 <Guest867> Just had an idea. There is openssl everywhere. And it knows how to do sha256. Which is irreversible and uncrackable. Why don't we just use it from cmd line. Without all that native calls, etc.

16:58 <Guest867> lap1$ ./pil +

16:58 <Guest867> : (pipe (out '(openssl sha256) (prinl "password")) (line T))

16:58 <Guest867> -> "(stdin)= 6b3a55e0261b0304143f805a24924d0c1c44524821305f31d9277843b8a10f4e"

17:11 <abu[7]> There ist also a standalone 'sha256sum' command. But that's not the point. Native calls *must* work ;)

17:12 <abu[7]> Well sha256sum is not what we need ...

17:14 <abu[7]> (native "libcrypto.so" "SHA256" '(B . 16) "hello" 5 '(NIL (16)))

17:14 <abu[7]> -> (44 242 77 186 95 176 163 14 38 232 59 42 197 185 226 158)

17:15 <Guest867> it works in OpenBSD too!

17:15 <Guest867> : (native "libcrypto.so" "SHA256" '(B . 16) "hello" 5 '(NIL (16)))

17:15 <Guest867> -> (44 242 77 186 95 176 163 14 38 232 59 42 197 185 226 158)

17:15 <abu[7]> 👍

17:16 <abu[7]> Just the pw stuff :(

17:16 <bjorkintosh> is there a reason it wouldn't have worked in OpenBSD?

17:16 <abu[7]> that's the question

17:18 <Guest867> Oh. Just few days ago I hit a real true insanity with those newhash/checkhash passwords. Everybody doing it different way. And solution I found for OpenBSD refused to work in termux.

17:18 <bjorkintosh> maybe termux was the problem.

17:20 <Guest867> I mean. There's ports of OpenBSD ways of doing things to linux and such. And I clearly lack the knowledge which way is better.

17:22 <bjorkintosh> a little man here and googling there and a stackoverflow will get you to where you need to be.

17:24 <Guest867> Honestly, so far, this chat and mail archive was the most useful

17:25 <bjorkintosh> + irc

21:09 <beneroth> well there is a big difference between "hashing to compare files/stuff" (optimized for speed) vs. "hashing to not store clear-text passwords" (optimized for more work, against speed and against scaling effects of better HW and parallelism)