A hole in crypt_blowfish

Brings back memories. A long long time ago in a computer lab far away, passwords were entered with dot (".") terminating entry instead of <ENTER>. Several of us had developed a reputation as naughty crackers, not evil, but we seemed to find holes rather too easily in what was only meant as an experimental system. We got locked out several times. Once, one of went to the admin to grovel and find out our penance and how soon we could get back on. The admin looked in the password file to tell us when 3 days would be up, and our friends was amazed to find they set locked out passwords to three dots. We already knew how passwords were handled - this system had 24 bit words, and rotated an accumulator 7 bits as each password character was entered (from a KSR-33 usually), then XORd each character into the accumulator. Naturally he realized as quickly as the rest of us that this meant only a few minutes work was required to find the right super duper password string to rotate and XOR until it matched three dots. The admins were horrified to find we were back in within 5 minutes.