tedunangst_flak.rss.xml - sfeed_tests - sfeed tests and RSS and Atom files
git clone git://git.codemadness.org/sfeed_tests
---
tedunangst_flak.rss.xml (28011B)
---
<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
<channel>
<title>flak</title>
<link>https://flak.tedunangst.com/</link>
<description>flak rss</description>
<managingEditor>tedu@tedunangst.com</managingEditor>
<image>
<url>https://flak.tedunangst.com/icon.png</url>
<title>flak rss</title>
<link>https://flak.tedunangst.com/</link>
</image>
<item>
<title>quick thoughts on bouncy castle bcrypt broken compare</title>
<description><![CDATA[A few thoughts on the BCBCBC vulnerability. <a href="https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/">Original report</a>. There are a few things not explicitly stated in the report which I thought may be interesting.<p><b>vuln</b><p>To recap, the bug is that password hashes are compared by looking at the position of each character value, instead of comparing the character values at each position. This leads to a great many false positives, effectively a password bypass.<p>Here are a few hashes to review. As a reminder, hashes are structured as algorithm identifier, cost (log2 of the round count), then a base64 encoding of the salt followed by the hash output. (Password: password)<p><pre><code>$2b$08$EVUJdN.PNZbjUOi9D3nsJecEYZE2jN0dr1/3CEvawNH.d5lp9Nt9G
$2b$08$TMwmj0nJfvO6eXGRTNoeaOGbivW1wvSAklXatjMo7tRwoo5FCxCTu
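As an added example (my own Python reconstruction, not code from the post or from Bouncy Castle), the broken comparison modelled in isolation on the two hash strings quoted above. It assumes, as the post's description implies, that the loop index is used as a character code in an indexOf-style lookup; bcrypt hashing itself (salt, cost, Blowfish) is not reimplemented, only the final string comparison where the defect lives. `forge()` and `effective_chars()` are helpers of mine to show how few of the 60 characters the flawed loop ever examines.

```python
import hmac

# The two bcrypt hashes quoted in the post (both for the password "password").
HASH_A = "$2b$08$EVUJdN.PNZbjUOi9D3nsJecEYZE2jN0dr1/3CEvawNH.d5lp9Nt9G"
HASH_B = "$2b$08$TMwmj0nJfvO6eXGRTNoeaOGbivW1wvSAklXatjMo7tRwoo5FCxCTu"


def buggy_compare(stored: str, computed: str) -> bool:
    """Reconstruction of the flawed check described in the post (an assumption
    about its shape, not the Bouncy Castle source): for each loop index i it
    compares where the character *with code point i* first occurs in each
    string, instead of comparing the characters at position i.  str.find
    mirrors Java's indexOf and returns -1 when the character is absent."""
    if len(stored) != len(computed):
        return False
    equal = True
    for i in range(len(stored)):
        equal &= stored.find(chr(i)) == computed.find(chr(i))
    return equal


def fixed_compare(stored: str, computed: str) -> bool:
    """Correct check: compare the bytes at each position, in constant time."""
    return hmac.compare_digest(stored.encode(), computed.encode())


def effective_chars(hash_len: int = 60) -> list:
    """Characters the buggy loop can actually see: only code points below the
    hash length.  Of the bcrypt alphabet ./0-9A-Za-z (plus the '$'
    separators) that leaves just '$', '.', '/' and the ten digits."""
    alphabet = set("$./0123456789"
                   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                   "abcdefghijklmnopqrstuvwxyz")
    return sorted(c for c in alphabet if ord(c) < hash_len)


def forge(stored: str) -> str:
    """Build a different string that buggy_compare accepts as equal to
    `stored`: keep every character the loop can see (code point < length)
    where it is and overwrite the rest with 'x' (code 120), which the loop
    never looks up.  Every first-occurrence position it checks is preserved."""
    n = len(stored)
    return "".join(c if ord(c) < n else "x" for c in stored)


if __name__ == "__main__":
    forged = forge(HASH_A)
    print("loop can only see:", "".join(effective_chars()))
    print("forged:", forged)
    print("buggy  accepts forgery:", buggy_compare(HASH_A, forged))
    print("fixed  accepts forgery:", fixed_compare(HASH_A, forged))
    print("buggy  A vs B         :", buggy_compare(HASH_A, HASH_B))
```

In the real attack the second argument is the hash of an attacker-chosen password, not a freely chosen string, so `forge()` is not the exploit; it shows that a 60-character comparison has been reduced to checking the first position of 13 possible characters, which is why wrong passwords collide with the stored hash so often.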