| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000901ce0e2a$b1f371e0$15da55a0$@acm.org> Date: Mon, 18 Feb 2013 14:52:55 -0800 From: "Dennis E. Hamilton" <dennis.hamilton@....org> To: <discussions@...sword-hashing.net> Subject: RE: [PHC] Coding of the in[inlen] array for PHS( ) Good. A cryptographically-random byte sequence or two would also be useful for test vectors. My view is that PHS( ) should not interpret the sequence as any character code whatsoever. Nothing to mishandle. - Dennis -----Original Message----- From: Daniel Franke [mailto:dfoxfranke@...il.com] Sent: Monday, February 18, 2013 14:12 To: discussions@...sword-hashing.net Subject: Re: [PHC] Coding of the in[inlen] array for PHS( ) "Dennis E. Hamilton" <dennis.hamilton@....org> writes: > The ASCII/non-ASCII about desirable test vectors suggest that being > character set sensitive is permissible. I don't think it suggests that at all. The purpose of test vectors is to check the correctness of implementations. One plausible way to mess up an otherwise-correct implementation is to mishandle inputs containing non-ASCII characters. Therefore non-ASCII test vectors are desirable. I would amend the recommendation by explicit calling for some test vectors containing embedded null bytes.
Powered by blists - more mailing lists