DragonFly BSD
DragonFly users List (threaded) for 2012-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Password hashing weakness in DF


From: Matthias Schmidt <matthias@xxxxxxxxxxxxxxxx>
Date: Thu, 19 Jan 2012 11:49:14 +0100

Hi,

On 01/17/2012 11:50 PM, Aggelos Economopoulos wrote:
> > On 01/17/2012 10:12 AM, Matthias Schmidt wrote:
>> >> He guys,
>> >>
>> >> I want to bring the following discussion on the oss-security list to
>> >> your attention:
>> >>
>> >> http://www.openwall.com/lists/oss-security/2012/01/16/2
>> >>
>> >> This post and previous posts contain all known details.  It seems
Solar
>> >> contacted Matt before, but unfortunately he does not responded (or at
>> >> least not on the list, I'm subscribed).
> >
> > Ugh. This is bad and, even worse, it's not immediatelly obvious how to
> > fix it w/o breaking any systems using this implementation.

Somebody on the john-dev lists implemented a fix.  It reverts to the MD5
default and fixes the bugs:

http://www.openwall.com/lists/john-dev/2012/01/19/1

Cheers,

	Matthias



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]