Re: networksolutions CRYPT-PW salt (was: Re: Insecure handling of

From: jlewisat_private
Date: Sat Nov 13 1999 - 14:28:49 PST


    On Thu, 11 Nov 1999, der Mouse wrote:
    
    > > [T]his makes networksolutions' crypted passwords far more vulnerable
    > > to attack using a pre-generated dictionary [...] effectively there is
    > > no salt at all.
    >
    > Right.  Isn't that delightful of them?
    >
    > Of course, there's also the question, what if the first two characters
    > do not belong to the a-zA-Z0-9./ set that are used to represent hashed
    > passwords?  Then the first two chars aren't a valid salt at all.
    
    I don't know if this has been overlooked, or if people are just assuming
    that most will use NetSlo's web forms...but you're free to send them your
    own personally crypted password.  I didn't even know they had a form for
    creating your crypted password.
    
    ----------------------------------------------------------------------
     Jon Lewis *jlewisat_private*|  Spammers will be winnuked or
     System Administrator        |  nestea'd...whatever it takes
     Atlantic Net                |  to get the job done.
    _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
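
An added example, not part of the original message or of any Network Solutions tooling: a check to run on a self-generated CRYPT-PW string before submitting it. It assumes, as the quoted text implies, that the web form takes the salt from the first two characters of the password. The function names and sample strings are constructed for illustration.

```python
import secrets

# 64-character alphabet used by traditional DES crypt(3) for salt and hash.
CRYPT_ALPHABET = (
    "./0123456789"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
)
SALT_SPACE = len(CRYPT_ALPHABET) ** 2  # 4096 possible 2-character salts


def random_salt() -> str:
    """Pick a salt from a CSPRNG, independently of the password."""
    return "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(2))


def audit_crypt_field(crypted: str, password: str) -> list:
    """Return findings for a traditional crypt(3) string about to be submitted."""
    findings = []
    if len(crypted) != 13:
        findings.append("not a 13-character traditional crypt(3) string")
    if any(c not in CRYPT_ALPHABET for c in crypted):
        findings.append("characters outside ./0-9A-Za-z")
    # Assumption from the thread: the weak scheme reuses the password's
    # first two characters as the salt, so the salt adds no variation.
    if crypted[:2] == password[:2]:
        findings.append("salt equals first two characters of the password")
    return findings


def dictionary_entries_needed(wordlist_size: int, salt_from_password: bool) -> int:
    """Hashes a pre-generated dictionary must store to cover every word."""
    return wordlist_size if salt_from_password else wordlist_size * SALT_SPACE


if __name__ == "__main__":
    # Constructed sample strings: salt + 11 filler characters, not real hashes.
    samples = [
        ("pa" + "x" * 11, "password"),   # salt copied from the password
        ("p!" + "x" * 11, "p!ssword"),   # copied salt that is not even valid
        (random_salt() + "x" * 11, "password"),
    ]
    for crypted, password in samples:
        print(crypted, audit_crypt_field(crypted, password) or "ok")
    print(dictionary_entries_needed(100000, True),
          dictionary_entries_needed(100000, False))
```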
    


