Date: Mon, 20 Jun 2011 15:43:20 +0000
From: The Fungi <fungi@...goth.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: crypt_blowfish 8-bit character
 mishandling

On Mon, Jun 20, 2011 at 07:19:13PM +0400, Solar Designer wrote:
[...]
> That said, I appreciate you posting this suggestion, and I'd be
> happy to consider some more. It is always possible that there's
> some brilliant idea I had not thought of...

No, I agree your proposed approach lends a more general solution
which could be applied to the use cases I was considering. I saw you
mention it over on the crypto list as well, but it sounded like you
were trying to find ways to avoid a new hash encoding identifier in
the wild which could conflict with something OpenBSD might consider
assigning for some other purpose at a later date (though assuming
this workaround makes it onto their radar, that seems an unlikely
situation anyway).
-- 
{ IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
WHOIS(STANL3-ARIN); SMTP(fungi@...goth.org); FINGER(fungi@...goth.org);
MUD(kinrui@...arsis.mudpy.org:6669); IRC(fungi@....yuggoth.org#ccl);
ICQ(114362511); YAHOO(crawlingchaoslabs); AIM(dreadazathoth); }
