by ejcx
3929 days ago
I've actually seen it cause numerous issues. For example, consider this pseudocode:

  // Returns binary data
  shaPass = crypto.sha256(userPassword)
  // Returns a bcrypt hash
  crypto.bcrypt(shaPass)

I've seen many people pass binary data into functions that will terminate reading the string at a null byte. This obviously limits the strength of the number of bytes before a null byte is hit in the binary data (mostly only concerns PHP and C).

Just noticed someone else posted the ircmaxell blog, which is the best writing on this topic.
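Added example, not part of the comment above: a Python sketch of the truncation it describes, showing how much of a raw SHA-256 digest a NUL-terminated string API would actually read, next to a base64-encoded pre-hash that cannot be cut short. The helper names and the "constructed-sample-" strings are made up for illustration, and c_string_view only models C-string behaviour; no real bcrypt library is called.

```python
import base64
import hashlib

BCRYPT_MAX_INPUT = 72  # bcrypt ignores password bytes past this length


def c_string_view(data: bytes) -> bytes:
    """Bytes a NUL-terminated string API would read from `data`."""
    return data.split(b"\x00", 1)[0]


def raw_prehash(password: str) -> bytes:
    """The risky pattern: raw binary SHA-256 digest handed to the KDF."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def safe_prehash(password: str) -> bytes:
    """Base64-encode the digest so it can never contain a NUL byte."""
    return base64.b64encode(raw_prehash(password))


def first_truncated(prefix: str, limit: int = 100_000):
    """Find a constructed sample whose raw digest starts with NUL."""
    for i in range(limit):
        candidate = f"{prefix}{i}"
        if raw_prehash(candidate)[0] == 0:
            return candidate
    return None


def truncation_rate(prefix: str, samples: int = 20_000) -> float:
    """Fraction of raw digests that lose at least one byte to truncation."""
    hit = sum(1 for i in range(samples)
              if len(c_string_view(raw_prehash(f"{prefix}{i}"))) < 32)
    return hit / samples


if __name__ == "__main__":
    pw = first_truncated("constructed-sample-")
    print("sample whose digest starts with NUL:", pw)
    print("raw digest bytes a C-string API reads:",
          len(c_string_view(raw_prehash(pw))))
    print("base64 pre-hash bytes a C-string API reads:",
          len(c_string_view(safe_prehash(pw))))
    print("share of raw digests truncated somewhere:",
          truncation_rate("constructed-sample-"))
```

The base64 form is 44 bytes, so it also stays under bcrypt's 72-byte input limit.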