Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BLU0-SMTP389E13FA816320E1B3F6BBCFDFC0@phx.gbl>
Date: Fri, 22 Jun 2012 10:29:45 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Re: EPiServer format fails on 32-bit builds.

On 06/22/2012 10:03 AM, Dhiru Kholia wrote:
> data = base64.decodestring("fGJ2wn/5WlzqQoDeCA2kXA==")
> print len(data) # 16

Then I don't understand why unsigned char esalt[16] wasn't large enough
for the test vector.


> 18 is the upper bound. I will fix my source to use this upper bound.
> Thanks for the tip.

If the salt size really is variable, depending on the base64 encoded
salt, then this is certainly wrong as well:

SHA1_Update(&ctx, cur_salt->esalt, 16);

Is anybody able to provide more sample hashes, to see if salt size is
variable, and what the range is?

Finally, one more note.
May be the format isn't even properly named, because it is not specific
to EPiServer, but any application using the Microsoft .NET framework?

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.