# Secure Login
Strings are null terminated in C, therefore the strcmp function will stop comparing when it encounters a null byte. There's a chance the first byte provided by `/dev/urandom` will be a null byte, so if we continue entering empty strings as our password, we'll get a hit at some point.

Letting the following bash command run for a few seconds provides the flag:
team7786@actf:/problems/2021/secure_login$ while true; do python2.7 -c "print('\x00')" | ./login | grep actf ; done
Enter the password: actf{if_youre_reading_this_ive_been_hacked}

Original writeup (https://github.com/emil-muller/CTFs/blob/main/angstromctf2021/secure_login/writeup.md).