[impdev] http://redmine.kokuaviewer.org/issues/1126 encrypting passwords.

David Seikel onefang at gmail.com
Tue Mar 6 09:28:29 PST 2012


On Wed, 7 Mar 2012 03:26:26 +1000 David Seikel <onefang at gmail.com>
wrote:

> On Tue, 6 Mar 2012 21:52:09 +1000 David Seikel <onefang at gmail.com>
> wrote:
> 
> > Both sorts of stored passwords are 32 bit hexadecimal strings.  So
> > we can't tell which sort of password it is and fix it on the fly.
> 
> Actually, the encrypted password is 32 bytes of binary, where the
> hashed one we store is 32 hex digits.  I think that's the bug that
> comment was referring to.  Can't store raw binary in XML files in the
> same way we store a string of hex digits.

Well, that plus the fact the MAC was not figured out until AFTER the
passwords where decrypted.

-- 
A big old stinking pile of genius that no one wants
coz there are too many silver coated monkeys in the world.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.imprudenceviewer.org/pipermail/impdev-imprudenceviewer.org/attachments/20120307/652da873/attachment-0002.pgp>


More information about the ImpDev mailing list