Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 22 Jun 2012 14:03:54 +0530
From: Dhiru Kholia <>
Subject: Re: Re: EPiServer format fails on 32-bit builds.

On Fri, Jun 22, 2012 at 1:59 PM, Frank Dittrich
<> wrote:
> On 06/22/2012 10:03 AM, Dhiru Kholia wrote:
>> data = base64.decodestring("fGJ2wn/5WlzqQoDeCA2kXA==")
>> print len(data) # 16
> Then I don't understand why unsigned char esalt[16] wasn't large enough
> for the test vector.

I haven't checked the source of base64_decode function but it needed
one byte more than 16 to function correctly.

> If the salt size really is variable, depending on the base64 encoded
> salt, then this is certainly wrong as well:
> SHA1_Update(&ctx, cur_salt->esalt, 16);
> May be the format isn't even properly named, because it is not specific
> to EPiServer, but any application using the Microsoft .NET framework?

Okay. What should we name it then? Any examples for applications using
the same hashing scheme would be good.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.