LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A hole in crypt_blowfish

A hole in crypt_blowfish

Posted Jun 24, 2011 0:08 UTC (Fri) by solardiz (guest, #35993)
In reply to: A hole in crypt_blowfish by dlang
Parent article: A hole in crypt_blowfish

Indeed. However, I was commenting on the specific issue brought up earlier in the comment thread - namely, that not only is it practical to find colliding inputs for the broken hash, but also it is practical to find inputs to the correct(ed) hash that match those of the broken hash. Thus, some post-upgrade safety measures may be desired, such as treating passwords with '\xff' chars specially.

(Log in to post comments)

A hole in crypt_blowfish

Posted Jun 26, 2011 11:28 UTC (Sun) by job (guest, #670) [Link]

Thanks for the clarification.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds