oss-sec mailing list archives

Re: CVE request: crypt_blowfish 8-bit character mishandling


From: The Fungi <fungi () yuggoth org>
Date: Mon, 20 Jun 2011 15:43:20 +0000

On Mon, Jun 20, 2011 at 07:19:13PM +0400, Solar Designer wrote:
[...]
> That said, I appreciate you posting this suggestion, and I'd be
> happy to consider some more. It is always possible that there's
> some brilliant idea I had not thought of...

No, I agree your proposed approach lends a more general solution
which could be applied to the use cases I was considering. I saw you
mention it over on the crypto list as well, but it sounded like you
were trying to find ways to avoid a new hash encoding identifier in
the wild which could conflict with something OpenBSD might consider
assigning for some other purpose at a later date (though assuming
this workaround makes it onto their radar, that seems an unlikely
situation anyway).
-- 
{ IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
WHOIS(STANL3-ARIN); SMTP(fungi () yuggoth org); FINGER(fungi () yuggoth org);
MUD(kinrui () katarsis mudpy org:6669); IRC(fungi () irc yuggoth org#ccl);
ICQ(114362511); YAHOO(crawlingchaoslabs); AIM(dreadazathoth); }

