oss-sec mailing list archives

Re: CVE request: crypt_blowfish 8-bit character mishandling
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Thu, 7 Jul 2011 10:05:07 +0200

Solar Designer wrote:
> Here's my current code, with lots of comments - more comments than code,
> actually, because the code is very compact:

mkpasswd (package whois) checks whether the crypted password starts
with the originally requested prefix. Since crypt_gensalt now
returns $2y for $2a, mkpasswd fails. I'm not claiming mkpasswd's
assumption on the behavior of crypt_gensalt is correct but it's not
documented whether crypt_gensalt may change the prefix.


 (o_   Ludwig Nussel
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
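
Added example, not part of the original message and not code from mkpasswd or crypt_blowfish: a strict prefix check of the kind the message describes, next to a variant that also accepts the one substitution reported above ($2y returned for a requested $2a). The function names and the sample setting string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Length of the leading "$id$" prefix of a crypt(3) setting or hash,
 * or 0 if the string is NULL or does not start with such a prefix. */
static size_t prefix_len(const char *s)
{
    const char *end;
    if (s == NULL || s[0] != '$')
        return 0;
    end = strchr(s + 1, '$');
    return end ? (size_t)(end - s) + 1 : 0;
}

/* Strict check: the result must begin with exactly the requested prefix.
 * A NULL result (salt generation failed) never matches. */
int prefix_matches_strict(const char *requested, const char *result)
{
    size_t n = prefix_len(requested);
    if (n == 0 || result == NULL)
        return 0;
    return strncmp(requested, result, n) == 0;
}

/* Tolerant check (an assumption about what a caller may want, not a
 * documented contract): exact match, or "$2a$" requested and "$2y$" returned.
 * No other prefix substitution is accepted. */
int prefix_matches_tolerant(const char *requested, const char *result)
{
    if (prefix_matches_strict(requested, result))
        return 1;
    if (requested == NULL || result == NULL)
        return 0;
    return strncmp(requested, "$2a$", 4) == 0 &&
           strncmp(result, "$2y$", 4) == 0;
}

int main(void)
{
    /* Constructed sample setting string, not output from a real library. */
    const char *returned = "$2y$08$abcdefghijklmnopqrstuu";
    printf("strict:   %d\n", prefix_matches_strict("$2a$", returned));
    printf("tolerant: %d\n", prefix_matches_tolerant("$2a$", returned));
    return 0;
}
```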
