Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <dcf3400d-0bb9-4676-b8fa-2ecadbd0400e@gmail.com>
Date: Wed, 3 Jun 2026 08:00:49 +0900
From: Seo Suchan <tjtncks@...il.com>
To: musl@...ts.openwall.com
Subject: Re: musl crypt() fallback to DES for unknown hash algorithm

current crypt_r will fallback to des even things like $8$, so something 
need to be done anyway

26. 6. 3. 07:40에 Thorsten Glaser 이(가) 쓴 글:
> On Tue, 2 Jun 2026, Seo Suchan wrote:
>
>> better reject |any hash started with $ but musl doesn't about
>> crypt_r() should return error. man crypt.3 suggest it'd set errorno to
>> EINVAl and return invalid hash starting with *|
>  From the BSD side: yescrypt is an API misuse, the manpage clearly
> documents that the extended mode is used if the string begins with
> a dollar sign and a number.
>
> For applications wishing to use such nōn-standard extensions:
> they should first run a known string through the crypt(3)
> function and check its return value matches expectations.
>
> Please convey this to the busybox developers.
>
> bye,
> //mirabilos, not speaking for musl

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.