Nadav Golombick wrote:
What is the correct procedure if I come to a situation where the
password length is too big for the given buffer?
If this is a design question, then the proper thing to do IMHO
is akin to what's done for HMAC-MD5 or HMAC-SHA1 -- if the
passphrase exceeds the buffer length
I'm sure others will have a better answer, but I seem to recall
that there's a difference between passwords and passphrases.
Directly using a human readable password is bad since there's not
enough randomness to it and you're limited to 8 or 16 characters.
With a passphrase you can do things like
The old Unix crypt function would only use the first eight characters
of any password.
On Oct 23, 2005, at 2:10 AM, Nadav Golombick wrote:
What is the correct procedure if I come to a situation where the
password length is too big for the given buffer?
--
Nadav Golombick
__
OpenSSL Project http://www.openssl.org
User Support Mailing Li
When the password to be returned in the callback function is too long
for the buffer given, what action should be taken?
Should zero be returned or a truncated password?
Thanks,
--
Nadav Golombick
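The choice the question poses, as an added example that is not part of the thread or of OpenSSL's code: two callbacks with the shape of OpenSSL's `pem_password_cb`, one failing and one truncating when the passphrase does not fit the buffer. `CB_FAILURE`, the function names and the sample passphrases are assumptions made for illustration; the failure value zero is taken from the question and should be checked against the documentation of the OpenSSL version in use.

```c
#include <stdio.h>
#include <string.h>

#define CB_FAILURE 0 /* assumption: the failure value named in the question */

/* Shared body: copy the passphrase, then either refuse or truncate on overflow. */
static int copy_pass(char *buf, int size, const char *pass, int truncate)
{
    size_t len;
    if (buf == NULL || pass == NULL || size <= 0)
        return CB_FAILURE;
    len = strlen(pass);
    if (len > (size_t)size) {
        if (!truncate)
            return CB_FAILURE;   /* refuse: never hand back a prefix */
        len = (size_t)size;      /* weak: silently keep only a prefix */
    }
    memcpy(buf, pass, len);      /* not NUL-terminated; the length is returned */
    return (int)len;
}

/* Strict: fails when the passphrase (passed via u) does not fit the buffer. */
int strict_password_cb(char *buf, int size, int rwflag, void *u)
{
    return copy_pass(buf, size, (const char *)u, 0);
}

/* Weak, for comparison: truncates to the buffer size. */
int truncating_password_cb(char *buf, int size, int rwflag, void *u)
{
    return copy_pass(buf, size, (const char *)u, 1);
}

/* Returns 1 if cb yields identical, non-empty bytes for both passphrases. */
int same_key_material(int (*cb)(char *, int, int, void *),
                      const char *a, const char *b, int size)
{
    char ba[64], bb[64];
    int la = size <= 64 ? cb(ba, size, 0, (void *)a) : 0;
    int lb = size <= 64 ? cb(bb, size, 0, (void *)b) : 0;
    return la > 0 && la == lb && memcmp(ba, bb, (size_t)la) == 0;
}

int main(void)
{
    const char *a = "correct horse battery", *b = "correct horse staple"; /* constructed */
    printf("truncating collides: %d, strict collides: %d\n",
           same_key_material(truncating_password_cb, a, b, 8),
           same_key_material(strict_password_cb, a, b, 8));
    return 0;
}
```

With an 8-byte buffer the truncating callback returns the same bytes for both constructed passphrases, the same effect as the old crypt behaviour mentioned in the thread, while the strict callback fails for both.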