lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 27 Sep 2003 12:42:16 +0400
From: "Ilya Teterin"  <alienhard@...l.ru>
To: bugtraq@...urityfocus.com
Subject: Re: base64


Bennett Todd:

> Outlaw people from receiving email on Windows, and we can
> do away with all this sludge

Heh. The base64 ambiguity isn't Windows MUAs issue ;-) Just tested MUAs for *nix:

1) kmail.
data truncated, warning

excellent!

2) pine. depending on input
* data truncated, warning reported
* decoding error reported

not too bad...

3) mutt depending on input
* decoding error reported
* input after padding is decoded

evil badness approaching!

4) emacs. similar to (3).

Also, tested perl MIME::Base64 - data truncated, no warnings (which is good for MUA but bad for filters), uudecode - input after padding is decoded, cryptopp (opensource crypto and enconding library) - paddings are ignored.

p.s. Windoze mustdie, *nix 4ever? ;-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ