tagish password-based authentication has a race condition #2

@GoogleCodeExporter

What steps will reproduce the problem?
1. call com.tagish.auth.Utils.cryptPassword simultaneously from two different threads
2. watch it return a corrupt byte array
3. or you could indirectly call it by having two tagish FileLogin or DbLogin instances authenticate two users at the same time on two different threads, and having one or both logins fail.

What is the expected output? What do you see instead?
I would expect cryptPassword to return correct results independent of how many threads were calling it at the same time.

What version of the product are you using? On what operating system?
// $Id: Utils.java,v 1.5 2003/02/17 20:13:23 andy Exp $

Please provide any additional information below.

To solve the problem, simply change line 89 in OWASPJaasLoginModule/src/com/tagish/auth/Utils.java from:
  public static char[] cryptPassword(char pwd[]) throws Exception
to:
  public static synchronized char[] cryptPassword(char pwd[]) throws Exception


Original issue reported on code.google.com by hagga...@gmail.com on 30 Nov 2011 at 4:28
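
The following is an added example, not code from the issue or from the project. It shows how an unsynchronized static hashing helper can return corrupt results under concurrency, next to the `synchronized` fix proposed above and a lock-free alternative. It assumes the corruption comes from a single static `MessageDigest` reused across calls (the issue does not show the method body); the class name, method names, algorithm and inputs are hypothetical.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class DigestRaceDemo {
    // Assumption: the unsynchronized method reuses one static digest object.
    private static MessageDigest shared;
    static byte[] unsafeHash(byte[] pwd) throws Exception {
        if (shared == null) shared = MessageDigest.getInstance("MD5"); // algorithm is assumed
        shared.reset();
        shared.update(pwd);      // a second thread can reset/update between these calls
        return shared.digest();
    }

    // The change proposed in the issue: serialize all callers on the class lock.
    static synchronized byte[] synchronizedHash(byte[] pwd) throws Exception {
        return unsafeHash(pwd);
    }
    // Alternative: no shared state, so no lock is needed.
    static byte[] perCallHash(byte[] pwd) throws Exception {
        return MessageDigest.getInstance("MD5").digest(pwd);
    }
    interface Hasher { byte[] hash(byte[] in) throws Exception; }
    // Two threads hash different constructed inputs; count results that differ from the reference.
    static int mismatches(Hasher h) throws Exception {
        AtomicInteger bad = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(2);
        for (String s : new String[] {"constructed-password-A", "constructed-password-B"}) {
            byte[] in = s.getBytes("UTF-8");
            byte[] want = perCallHash(in);
            pool.submit(() -> {
                for (int i = 0; i < 200_000; i++) {
                    try {
                        if (!Arrays.equals(h.hash(in), want)) bad.incrementAndGet();
                    } catch (Exception e) { bad.incrementAndGet(); }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return bad.get();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("unsynchronized mismatches: " + mismatches(DigestRaceDemo::unsafeHash));
        System.out.println("synchronized mismatches:   " + mismatches(DigestRaceDemo::synchronizedHash));
        System.out.println("per-call mismatches:       " + mismatches(DigestRaceDemo::perCallHash));
    }
}
```

The race is timing dependent, so the unsynchronized count varies from run to run; the per-call variant avoids making every concurrent login wait on one class-wide lock.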
