mailing list of musl libc
From: Rich Felker <dalias@aerifal.cx>
To: musl@lists.openwall.com
Subject: Re: Help-wanted tasks for musl
Date: Sun, 19 Aug 2012 20:51:28 -0400
Message-ID: <20120820005128.GB27715@brightrain.aerifal.cx>
In-Reply-To: <20120819172921.GF16602@port70.net>

On Sun, Aug 19, 2012 at 07:29:21PM +0200, Szabolcs Nagy wrote:
> * Szabolcs Nagy <nsz@port70.net> [2012-08-19 18:56:52 +0200]:
> > 3)* reference implementation and glibc accepts negative
> > rounds in an implementation defined way, ie.
> > 
> >   '$5$rounds=-4294965296$' is treated as
> >   '$5$rounds=2000$' on a 32bit system and as
> >   '$5$rounds=999999999$' on a 64bit one
> > 
> > (according to spec N is clamped into 1000...999999999
> > so the correct treatment would be '$5$rounds=1000$')
> > 
> 
> i was wrong here about the correct treatment
> 
> the spec says that N is an unsigned decimal so negative
> numbers must not be recognized at all
> (so in this case the default rounds should be used and
> 'rounds=-4294965296' should be treated as salt)
> 
> but i guess the spec does not matter much in this case,
> either we should be bug compatible with glibc or reject
> such salts

The characters '=', '-', and '$' are not valid in salt, are they?
My preference would be to reject anything that looks like a setting
but actually gets treated as salt, rather than hashing it in some
implementation-specific way that leads to buggy, non-portable password
hashes.

Rich
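
The rejection policy discussed in this message, sketched as an added example; it is not code from the original post or from musl's source. `parse_sha_setting` is a hypothetical name, the 5000-round default is the SHA-crypt specification's, values are clamped to the 1000...999999999 range quoted above, and the salt's character set is not validated here.

```c
#include <stdio.h>
#include <string.h>
#define ROUNDS_DEFAULT 5000UL      /* SHA-crypt default when rounds= is absent */
#define ROUNDS_MIN     1000UL      /* clamp range quoted in the thread */
#define ROUNDS_MAX     999999999UL

/* Hypothetical helper: parse "$5$[rounds=N$]salt" or "$6$[rounds=N$]salt".
 * Returns 0 and sets *rounds and *salt, or -1 if the setting is rejected. */
int parse_sha_setting(const char *s, unsigned long *rounds, const char **salt)
{
    unsigned long n = 0, r = ROUNDS_DEFAULT;
    if (strncmp(s, "$5$", 3) != 0 && strncmp(s, "$6$", 3) != 0)
        return -1;
    s += 3;
    if (strncmp(s, "rounds=", 7) == 0) {
        s += 7;
        /* Unsigned decimal only: the first character must be a digit, so a
         * sign or empty value is rejected instead of being hashed as salt. */
        if (*s < '0' || *s > '9')
            return -1;
        for (; *s >= '0' && *s <= '9'; s++) {
            /* Saturate before the multiply can overflow, so hosts with
             * 32-bit and 64-bit unsigned long compute the same count. */
            if (n > ROUNDS_MAX / 10)
                n = ROUNDS_MAX;
            else
                n = n * 10 + (unsigned long)(*s - '0');
        }
        if (*s != '$')               /* unterminated rounds field */
            return -1;
        s++;
        r = n < ROUNDS_MIN ? ROUNDS_MIN : n;
    }
    *rounds = r;
    *salt = s;
    return 0;
}

int main(void)
{
    /* Constructed sample settings, including the one from the thread. */
    const char *in[] = { "$5$rounds=-4294965296$", "$5$rounds=2000$abc",
                         "$6$rounds=99999999999999999999$abc", "$5$abc" };
    for (size_t i = 0; i < sizeof in / sizeof *in; i++) {
        unsigned long r = 0; const char *salt = "";
        int rc = parse_sha_setting(in[i], &r, &salt);
        printf("%-40s rc=%d rounds=%lu salt=%s\n", in[i], rc, r, salt);
    }
}
```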

