-
Code review shows that the entered password is manipulated in a way that loses its case information for the purposes of hashing the actual pw data. Need to do a bit of research to confirm whether (and to what degree) this is cryptologically significant. This will break existing PW databases, so it should be worked into a major release.
2009-04-21 05:47:59 UTC in w3pw
-
BTW, the staleness of these threads makes me wonder whether the author is still actively working on it. If it appears he is not, I might be up to help maintain a fork of the software.
2009-01-07 00:31:03 UTC in w3pw
-
Today I hacked a password change feature into my copy of w3pw. If there are still folks out there looking for that feature, I'll be happy to package and document it briefly -- at the very least I can send diffs to whomever might need them. Can't claim my code is the slickest or most exciting, but it works.
I'll watch this space from time to time, and if there are any followups I'll take the...
2009-01-07 00:27:38 UTC in w3pw
