04-19-2013, 12:02 PM
(04-19-2013, 07:51 AM)Mem5 Wrote: Ok, I'll open a TRAC. Thank you for your help.
Curious question : how can somebody login into a system using a password with the null byte character ? As it is not printable.. ?!
Easy - just as an application can salt using any set of byte the programer likes, client applications can login using whatever set of byte values they care to send to the server application. Not all hashes come from data a human puts in via a keyboard at time of login!
Alternately, systems like Truecrypt and KeePass can use the contents of a binary file to generate a hash or part of a hash. Perhaps some other applications allow file-based entry.
I don't know enough about widgets like the Yubikey to know if it can do anything like that or not.