> [T]his makes networksolutions' crypted passwords far more vulnerable > to attack using a pre-generated dictionary [...] effectively there is > no salt at all. Right. Isn't that delightful of them? Of course, there's also the question, what if the first two characters do not belong to the a-zA-Z0-9./ set that are used to represent hashed passwords? Then the first two chars aren't a valid salt at all. Feh. Of all the people to make a gross blunder like this.... der Mouse mouseat_private 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:11:34 PDT