> On Feb 15, 2022, at 5:13 PM, Mouse wrote:
>
>> There really should be a function that takes a user name or ID and a clearte$
>
> Maybe. But then you have a lot more failure modes and a lot more
> possible attack surface. It would also mean that you can't check or
> change passwords in
On 2/15/2022 5:04 PM, Mouse wrote:
(2) Hashing password, which takes the password and the settings and
returns an allocated string with the resulting hash. [...]
I really don't like making them depend on malloc, though I have a hard
time articulating what bothers me about it.
I can't say
> There really should be a function that takes a user name or ID and a clearte$
Maybe. But then you have a lot more failure modes and a lot more
possible attack surface. It would also mean that you can't check or
change passwords in single-user mode without starting the magic daemon;
that would
> There are two sensible interface contracts here:
> (1) Verification only, which takes the password and the expected hash
> and returns a bool. [...]
> (2) Hashing password, which takes the password and the settings and
> returns an allocated string with the resulting hash. [...]
Well, I
> On Feb 15, 2022, at 3:30 PM, Joerg Sonnenberger wrote:
>
> Am Wed, Feb 16, 2022 at 12:04:16AM +0100 schrieb Niclas Rosenvik:
>> do you mean that the interface should be
>> crypt_r(const char *key, const char setting, char * storage, size_t
>> *storage_len)
>> where storage can be set to
Am Wed, Feb 16, 2022 at 12:04:16AM +0100 schrieb Niclas Rosenvik:
> do you mean that the interface should be
> crypt_r(const char *key, const char setting, char * storage, size_t
> *storage_len)
> where storage can be set to NULL to return the needed storage size in
> storage_len?
No. There are
On Sat, 12 Feb 2022 23:32:31 +0100
Joerg Sonnenberger wrote:
> Am Sat, Feb 12, 2022 at 05:25:11PM +0100 schrieb Niclas Rosenvik:
> > On Mon, 7 Feb 2022 16:12:17 +0100
> > Thomas Klausner wrote:
> >
> > > Hi!
> > >
> > > I've been asked by the filezilla software developer if NetBSD
> > > will