I'm using a recent 1.5.1 version from CVS, and I have found what seems to be a problem with the OneTimePadEncrypt and OneTimePadDecrypt functions in functions/strings.php.
Sometimes, the result after decrypting using OneTimePadDecrypt is different from the original password that was passed to OneTimePadEncrypt. I have verified this by printing out the original password and the decrypted result via appropriately placed error_log() calls within the code. Most of the time, the "before" and "after" versions of the password are the same, but around 10% of the time (a rough estimate), they differ. In these cases, the login being performed fails. When the two versions differ, it always seems to be the case that they are the same for the leftmost few characters, after which the "after" version contains garbage. I don't know if this is due to a bug in the base64_encode/decode functions in my version of PHP, or if there is something fundamentally wrong with the OneTimePad algorithms. Has anyone else seen this problem? If so, is there perhaps a patch or a workaround? By the way, I'm using php-4.4.1 ... should I perhaps upgrade to a more recent version? Thanks in advance for any info or suggestions you might be able to supply. ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: [email protected] List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
