[20960] in bugtraq
Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability
daemon@ATHENA.MIT.EDU (Barney Wolff)
Mon Jun 11 13:22:01 2001
Date: Sun, 10 Jun 2001 22:19:38 -0400
From: Barney Wolff <barney@databus.com>
To: Tyler Walden <twalden@aa.net>
Cc: aleph1@securityfocus.com, bugtraq@securityfocus.com
Message-ID: <20010610221938.A86198@tp.databus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.3.96.1010608162241.26162A-100000@big.aa.net>; from twalden@aa.net on Fri, Jun 08, 2001 at 04:27:36PM -0700
Aside from using rand, which ain't worth much, perhaps it would
be better to actually supply 64 chars for what's supposed to be
a 64-byte array. You might even copy the "real" base64 encoding
array, which is (A..Z,a..z,0..9,+,/).
Barney Wolff
On Fri, Jun 08, 2001 at 04:27:36PM -0700, Tyler Walden wrote:
> local(@itoa64) = ( 0 .. 9, a .. z, A .. Z ); # 0 .. 63 # to64
