Bugtraq mailing list archives
Re: networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords)
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Thu, 11 Nov 1999 15:16:29 -0500
[T]his makes networksolutions' crypted passwords far more vulnerable to attack using a pre-generated dictionary [...] effectively there is no salt at all.
Right. Isn't that delightful of them? Of course, there's also the question, what if the first two characters do not belong to the a-zA-Z0-9./ set that are used to represent hashed passwords? Then the first two chars aren't a valid salt at all. Feh. Of all the people to make a gross blunder like this.... der Mouse mouse () rodents montreal qc ca 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Re: networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) der Mouse (Nov 11)
- Re: networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) jlewis () LEWIS ORG (Nov 13)