Re: networksolutions CRYPT-PW salt (was: Re: Insecure handling of

From: der Mouse (mouseat_private)
Date: Thu Nov 11 1999 - 12:16:29 PST

Next message: Ben: "Update on Auto_FTP"

Previous message: Anonymous: "Re: CERT Advisory CA-99-14 Multiple Vulnerabilities in BIND"
Maybe in reply to: Jefferson Ogata: "networksolutions CRYPT-PW salt (was: Re: Insecure handling of"
Next in thread: jlewisat_private: "Re: networksolutions CRYPT-PW salt (was: Re: Insecure handling of"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> [T]his makes networksolutions' crypted passwords far more vulnerable
> to attack using a pre-generated dictionary [...] effectively there is
> no salt at all.

Right.  Isn't that delightful of them?

Of course, there's also the question, what if the first two characters
do not belong to the a-zA-Z0-9./ set that are used to represent hashed
passwords?  Then the first two chars aren't a valid salt at all.

Feh.  Of all the people to make a gross blunder like this....

					der Mouse

			       mouseat_private
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Next message: Ben: "Update on Auto_FTP"
Previous message: Anonymous: "Re: CERT Advisory CA-99-14 Multiple Vulnerabilities in BIND"
Maybe in reply to: Jefferson Ogata: "networksolutions CRYPT-PW salt (was: Re: Insecure handling of"
Next in thread: jlewisat_private: "Re: networksolutions CRYPT-PW salt (was: Re: Insecure handling of"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:11:34 PDT