Bugtraq mailing list archives

Re: networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords)

From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Thu, 11 Nov 1999 15:16:29 -0500

[T]his makes networksolutions' crypted passwords far more vulnerable
to attack using a pre-generated dictionary [...] effectively there is
no salt at all.


Right.  Isn't that delightful of them?

Of course, there's also the question, what if the first two characters
do not belong to the a-zA-Z0-9./ set that are used to represent hashed
passwords?  Then the first two chars aren't a valid salt at all.

Feh.  Of all the people to make a gross blunder like this....

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Current thread:

Re: networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) der Mouse (Nov 11)
- Re: networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) jlewis () LEWIS ORG (Nov 13)