oss-sec mailing list archives
Re: CVE request: crypt_blowfish 8-bit character mishandling
From: The Fungi <fungi () yuggoth org>
Date: Mon, 20 Jun 2011 15:43:20 +0000
On Mon, Jun 20, 2011 at 07:19:13PM +0400, Solar Designer wrote: [...]
That said, I appreciate you posting this suggestion, and I'd be happy to consider some more. It is always possible that there's some brilliant idea I had not thought of...
No, I agree your proposed approach lends a more general solution which could be applied to the use cases I was considering. I saw you mention it over on the crypto list as well, but it sounded like you were trying to find ways to avoid a new hash encoding identifier in the wild which could conflict with something OpenBSD might consider assigning for some other purpose at a later date (though assuming this workaround makes it onto their radar, that seems an unlikely situation anyway). -- { IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829); WHOIS(STANL3-ARIN); SMTP(fungi () yuggoth org); FINGER(fungi () yuggoth org); MUD(kinrui () katarsis mudpy org:6669); IRC(fungi () irc yuggoth org#ccl); ICQ(114362511); YAHOO(crawlingchaoslabs); AIM(dreadazathoth); }
Current thread:
- CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 19)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Daniel Godás (Jun 20)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 20)
- Re: CVE request: crypt_blowfish 8-bit character mishandling The Fungi (Jun 20)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 20)
- Re: CVE request: crypt_blowfish 8-bit character mishandling The Fungi (Jun 20)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 21)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Josh Bressers (Jun 21)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 20)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Daniel Godás (Jun 20)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jun 21)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 21)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jun 22)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 23)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 23)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jun 27)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Michael Matz (Jun 27)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 27)