Date: Sat, 09 May 2015 23:40:03 -0400 From: Kash Pande <kash@...pleback.net> To: oss-security@...ts.openwall.com Subject: openwall phpass fallback mode http://www.openwall.com/phpass/ This library has an unfortunate consequence when using it in multiple environments without strong consistent access to one crypto method.. it will fall back to weaker methods, which breaks the expectations of security.. Fallback have been assigned CVE here before. As well, it is an openwall release. I may be wrong and it could already be assigned one, but I don't see it. -- Kash Pande
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ