Follow @Openwall on Twitter for new release announcements and other news
[<prev] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z/YugpXb6qF4myAo@pureos>
Date: Wed, 9 Apr 2025 10:23:30 +0200
From: Matthias Apitz <guru@...xarea.de>
To: yescrypt@...ts.openwall.com
Subject: Re: using a hash pointer returned from crypt(3) for
 yescrypt

El día miércoles, abril 09, 2025 a las 01:37:21 +0200, Solar Designer escribió:

> > ...
> >      It's also not safe to use the pointer returned as an argument for
> >      another call to crypt(3).
> 
> Thank you for reporting this.  I understand that this behavior may be
> unexpected.  And yes, traditionally the static output buffer would only
> be overwritten much later inside crypt(3), after it's done reading its
> arguments.  It's libxcrypt trying not to leave sensitive data around and
> to shorten its lifetime, and maybe being overzealous at that.  So I've
> just opened this issue:
> 
> https://github.com/besser82/libxcrypt/issues/209

Hello Alexander,

Thanks for filing the issue in github.com. I've subscribed to it to see
further progress. For me, as I learned my lesson already, it would be
good enough to update a least the man page with this hint.

Thanks

	matthias

-- 
Matthias Apitz, ✉ guru@...xarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.