search for: 370330

Displaying 1 result from an estimated 1 matches for "370330".

Did you mean: 370333
2004 Jul 23
1
weakness in hash salt generation
Dovecot has routines for password hashing; two of these, crypt_generate and md5_generate, both use sizeof(salt_chars) when reducing a random string to salt. I became suspicious when I noted that all salts generated are composed only of "./01". Unfortunately salt_char is declared static const char * rather than static const char [], and so sizeof(salt_chars) is the size of a pointer.