[Dovecot] weakness in hash salt generation
Timo Sirainen
tss at iki.fi
Fri Jul 23 21:06:05 EEST 2004
On 23.7.2004, at 20:11, Joshua Goodall wrote:
> Dovecot has routines for password hashing; two of these, crypt_generate
> and md5_generate, both use sizeof(salt_chars) when reducing a random
> string to salt.
So it seems. But how did you notice it? I don't think those functions
are ever called by Dovecot itself? They're there just in case some day
they would be useful..
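Added illustration, not part of the original message and not Dovecot's code: why `sizeof(salt_chars)` is the wrong modulus when mapping random bytes onto a salt alphabet. The message does not show how `salt_chars` is declared, so the array and pointer declarations, the alphabet string and the helper `reachable_chars` are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed declarations: the page does not show how salt_chars is declared.
   The alphabet is the usual crypt(3) salt character set (64 characters). */
static const char salt_array[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static const char *salt_ptr = salt_array;

/* Count the distinct characters reachable via alphabet[byte % modulus] over
   all 256 byte values. *nul_reachable is set when the string's terminating
   NUL can be selected, which would cut the salt short once it is handled as
   a C string. modulus must not exceed the size of the underlying array. */
static size_t reachable_chars(const char *alphabet, size_t modulus,
                              int *nul_reachable)
{
    unsigned char seen[256] = {0};
    size_t count = 0;

    *nul_reachable = 0;
    for (unsigned int b = 0; b < 256; b++) {
        unsigned char c = (unsigned char)alphabet[b % modulus];
        if (c == '\0')
            *nul_reachable = 1;
        if (!seen[c]) {
            seen[c] = 1;
            count++;
        }
    }
    return count;
}

int main(void)
{
    int nul;
    size_t n;

    /* Array form: sizeof counts the trailing NUL, so index 64 is selectable. */
    n = reachable_chars(salt_array, sizeof(salt_array), &nul);
    printf("array, sizeof:   %zu chars, NUL reachable: %d\n", n, nul);
    /* Pointer form: sizeof is the pointer width, so only a prefix is used. */
    n = reachable_chars(salt_ptr, sizeof(salt_ptr), &nul);
    printf("pointer, sizeof: %zu chars, NUL reachable: %d\n", n, nul);
    /* Correct modulus: the number of characters in the alphabet. */
    n = reachable_chars(salt_array, strlen(salt_array), &nul);
    printf("strlen:          %zu chars, NUL reachable: %d\n", n, nul);
    return 0;
}
```

With either assumed declaration the modulus is wrong: the array form can emit a NUL inside the salt, and the pointer form draws only from the first `sizeof(char *)` characters of the alphabet.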