Date: Mon, 20 Jun 2011 07:55:30 +0400 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: Either my test script is b0rken or BF has an 8-bit bug On Mon, Jun 20, 2011 at 03:08:52AM +0400, Solar Designer wrote: > Now I am wondering how Authen::Passphrase avoided the bug (IIRC, it used > my code from crypt_blowfish) I've just checked Crypt::Eksblowfish (which is used by Authen::Passphrase), versions 0.001 (almost initial, released in 2006) and 0.009 (current). Both use "unsigned char" there. So it appears that the author of Crypt::Eksblowfish happened to fix the bug while reworking/merging my code. Perhaps he did not realize there was a bug, but was merely adjusting the code to his conventions. (I think I got to reconsider mine.) However, PHP looks affected. :-( I'll contact the maintainer. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.