https://issues.apache.org/bugzilla/show_bug.cgi?id=45340
Summary: Example Java code produces wrong digest-authentication
passwords
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
URL: http://httpd.apache.org/docs/2.3/misc/password_encryptio
ns.html
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: Documentation
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
The code fragment in "Miscellaneous Documentation > Password Formats > Digest
Authentication > Database password fields for mod_dbd > Java" will produce
30-character or even shorter hexdigit strings if the upper 8 bits are 0. This
will happen for 0.39% (1/256) of passwords.
if (s.length() % 2 != 0) s = "0" + s;
(apparently, the 6.25% (1/16) of cases in which the upper 4 bits are 0 have
been addressed) should be replaced by
while (s.length() < 32) s = "0" + s;
Note that I didn't test this code. If you don't like the loop due to its worst
case runtime, please consider its expected runtime (random average). The body
of the loop is rarely entered.
Best regards,
JJ
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
