[Verse-dev] Bug in v_send_hidden_connect_login,
clearing the LSB of RSA data.
Emil Brink
emil at obsession.se
Fri May 4 09:40:59 CEST 2007
On 5/3/07, Alexander Boström <abo at kth.se> wrote:
> In v_send_hidden_connect_login:
>
> /* Make sure last (MSB) byte is clear, to guarantee that data < key for RSA math. */
> name_pass[sizeof name_pass - 1] = 0;
>
> I think it's the LSByte that is cleared here, and the reason it works
> anyway is that the MSB contains an ASCII value.
Whoa, that's ... deep. I'm not saying you're wrong, but I would need
to re-read the code which I cannot do at the moment. Will try to
review it within a week or so, though, thanks for pointing this out.
Other eyes welcome, of course.
Regards,
/Emil
More information about the Verse-dev
mailing list