| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Feb 2013 20:26:23 -0500 From: Daniel Franke <dfoxfranke@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Coding of the in[inlen] array for PHS( ) Solar Designer <solar@...nwall.com> writes: > Yes, PHS() is defined to accept inlen, but in many scripting languages > and in many other APIs NULs may be problematic anyway. > > Should PHS() support embedded NULs even when the password hashing > scheme's primary implementation - one intended for actual use - does not > support embedded NULs? Well, perhaps it should... Does there exist a scripting language that's so broken with respect to dealing with embedded nulls that it's unreasonable for us to expect the primary implementation of our scheme to deal with them properly?
Powered by blists - more mailing lists