On Thu, 11 Nov 1999, der Mouse wrote:
> > [T]his makes networksolutions' crypted passwords far more vulnerable
> > to attack using a pre-generated dictionary [...] effectively there is
> > no salt at all.
>
> Right. Isn't that delightful of them?
>
> Of course, there's also the question, what if the first two characters
> do not belong to the a-zA-Z0-9./ set that are used to represent hashed
> passwords? Then the first two chars aren't a valid salt at all.
I don't know if this has been overlooked, or if people are just assuming
that most will use NetSlo's web forms...but you're free to send them your
own personally crypted password. I didn't even know they had a form for
creating your crypted password.
----------------------------------------------------------------------
Jon Lewis *[EMAIL PROTECTED]*| Spammers will be winnuked or
System Administrator | nestea'd...whatever it takes
Atlantic Net | to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________
