ROT13 is based on the fact that there are 26 alphabetic characters. By adding 13 to any character value, you get a letter exactly halfway 'later' in the alphabet. The advantage is that if you do it again, you get the original text.
For the security-lingo disadvantaged... (Score:1, Troll)
Re:For the security-lingo disadvantaged... (Score:2)
See http://www.allthingsuseless.com/rot13.php to play around with it.
The translation:
An empty password will pass this check because the code uses the length of the user entry, not the length of the correct password. Other potential problems (buffer overflows, etc.) are left as an exercise for the reader. [Shameless plug: If you enjoy problems like this, have strong security experience, communicate well, and want a job at a fun (and profitable) company, visit http://www.cryptography.com/company/careers.html.]
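The flaw described in the comment above, shown beside a corrected check, as an added example that is not part of the original thread. The code under discussion does not appear on this page, so the function names, the sample secret and the use of `strncmp` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample secret, used only by this example. */
static const char CORRECT[] = "s3cret-passphrase";

/* Flawed check: the comparison length is taken from the user's entry.
 * An empty entry compares zero bytes, and any prefix of the secret
 * compares only as many bytes as the user supplied. */
int check_flawed(const char *entry)
{
    return strncmp(entry, CORRECT, strlen(entry)) == 0;
}

/* Corrected check: the entry must have the same length as the correct
 * password, and then every byte is compared with no early exit in the
 * loop, so the result depends on the whole string. */
int check_fixed(const char *entry)
{
    size_t n = strlen(CORRECT);
    unsigned char diff = 0;

    if (strlen(entry) != n)
        return 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(entry[i] ^ CORRECT[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed inputs: empty, prefix, exact match, wrong. */
    const char *tries[] = { "", "s3", "s3cret-passphrase", "wrong" };

    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("[%s] flawed=%d fixed=%d\n", tries[i],
               check_flawed(tries[i]), check_fixed(tries[i]));
    return 0;
}
```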