lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Feb 2013 20:26:23 -0500
From: Daniel Franke <>
Subject: Re: [PHC] Coding of the in[inlen] array for PHS( )

Solar Designer <> writes:

> Yes, PHS() is defined to accept inlen, but in many scripting languages
> and in many other APIs NULs may be problematic anyway.
> Should PHS() support embedded NULs even when the password hashing
> scheme's primary implementation - one intended for actual use - does not
> support embedded NULs?  Well, perhaps it should...

Does there exist a scripting language that's so broken with respect to
dealing with embedded nulls that it's unreasonable for us to expect the
primary implementation of our scheme to deal with them properly?

Powered by blists - more mailing lists