DragonFly users List (threaded) for 2012-01
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]
Re: Password hashing weakness in DF
Hi,
On 01/17/2012 11:50 PM, Aggelos Economopoulos wrote:
> > On 01/17/2012 10:12 AM, Matthias Schmidt wrote:
>> >> He guys,
>> >>
>> >> I want to bring the following discussion on the oss-security list to
>> >> your attention:
>> >>
>> >> http://www.openwall.com/lists/oss-security/2012/01/16/2
>> >>
>> >> This post and previous posts contain all known details. It seems
Solar
>> >> contacted Matt before, but unfortunately he does not responded (or at
>> >> least not on the list, I'm subscribed).
> >
> > Ugh. This is bad and, even worse, it's not immediatelly obvious how to
> > fix it w/o breaking any systems using this implementation.
Somebody on the john-dev lists implemented a fix. It reverts to the MD5
default and fixes the bugs:
http://www.openwall.com/lists/john-dev/2012/01/19/1
Cheers,
Matthias
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]
