[Mageia-dev] Blowfish bug
David W. Hodgins
davidwhodgins at gmail.com
Fri Jun 24 01:23:43 CEST 2011
For anyone who missed
http://it.slashdot.org/story/11/06/20/2257229/13-Year-Old-Password-Security-Bug-Fixed?utm_source=rss1.0&utm_medium=feed
There is a bug in many implementations of blowfish for hashing
8 bit characters (for example, in passwords), due to the usage
of char instead of unsigned char.
It's going to take a while to identify all of the places where
blowfish has been used with the incorrect code, and fixed.
Regards, Dave Hodgins
More information about the Mageia-dev
mailing list