From bf55b0b77a80b2a0d21a5f7845c8cde4b518f662 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 13 Apr 2011 14:40:23 +0000
Subject: [PATCH] more restrictions on crypt(3) hash recognition to prevent
 false positives

---
 lib/utils/hash.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index edc07474b..cd3d93cc3 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -303,8 +303,9 @@ def hashRecognition(value):
                 continue
             elif Backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD:
                 continue
-            elif regex == HASH.CRYPT_GENERIC and getCompiledRegex(GENERAL_IP_ADDRESS_REGEX).match(value):
-                continue
+            elif regex == HASH.CRYPT_GENERIC:
+                if any([getCompiledRegex(GENERAL_IP_ADDRESS_REGEX).match(value), value.lower() == value, value.upper() == value, value.isdigit()]):
+                    continue
             elif getCompiledRegex(regex).match(value):
                 retVal = regex
                 break