Anyone want to take bug 604 (salt in md5 passwd)?
Rob Landley
rob at landley.net
Tue Jan 10 02:22:20 UTC 2006
On Monday 09 January 2006 19:48, Mike Frysinger wrote:
> On Monday 09 January 2006 12:51, Rob Landley wrote:
> > I'd ask the bug submitter, but who is "taviso"?
>
> he's a Gentoo dev who works in the security sub project
>
> i told him to file the bug ;)
> -mike
Do you know how to fix it? I don't. (I understand the concept of salt, but
not the cryto API, nor how the the sha1 api differs from the crypto api (or
where there doesn't seem to be a man page on the sha1 stuff), nor what
busybox did to the crypto API, nor whether this changes the saved format and
thus I have to modify the any other code trying to use the salted passwords,
nor what to do about backwards compatability in that case...
I suspect I'm overanalyzing. I don't _think_ readers of salted passwords have
to care what the salt was (or whether there was any), but I don't know and
would much rather have somebody who knows this stuff do it than try to figure
it out. Got my hands full right now...
Rob
(Mount has been recalcitrant for a couple weeks now. I am hitting it with
progressively larger hammers...)
--
Steve Ballmer: Innovation! Inigo Montoya: You keep using that word.
I do not think it means what you think it means.
More information about the busybox
mailing list