I was thinking about this problem to myself previously, and came up with the question:
“Theoretically, isn’t it possible that a hash function of say, X random bytes, when hashed, would be considered vulnerable since NULL bytes in any character array would be interpreted as the end of a string in C? And therefore as an attacker we may ignore that character (and possibly others) within our initial string to brute force?”
Sorry if I’m not very clear on this.
The output of hash functions is typically a fixed-length array of bytes (or machine words); it should be interpreted as a fixed-length array, not as a zero-delimited string.
The solution is to use memcmp(3) in your code instead of strcmp(3).
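The difference between the two comparisons, as an added example that is not part of the original answer. The digest bytes are constructed samples, not real hash outputs, and the function names and DIGEST_LEN are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 32 /* assumed digest size, e.g. a SHA-256 output */

/* Flawed: treats the digest as a C string, so comparison stops at the first 0x00. */
static int digest_equal_strcmp(const unsigned char *a, const unsigned char *b)
{
    return strcmp((const char *)a, (const char *)b) == 0;
}

/* Fixed: compares all DIGEST_LEN bytes, whatever their values. */
static int digest_equal_memcmp(const unsigned char *a, const unsigned char *b)
{
    return memcmp(a, b, DIGEST_LEN) == 0;
}

/* Constructed sample digests; bytes not listed are zero-filled by the compiler. */
/* Same first two bytes, a 0x00 at index 2, different bytes afterwards. */
static const unsigned char expected[DIGEST_LEN] = {0xa3, 0x5f, 0x00, 0x11, 0x22, 0x33};
static const unsigned char forged[DIGEST_LEN]   = {0xa3, 0x5f, 0x00, 0xde, 0xad, 0xbe};

/* Worst case: both digests start with 0x00, so strcmp sees two empty strings. */
static const unsigned char lead_zero_a[DIGEST_LEN] = {0x00, 0x01, 0x02, 0x03};
static const unsigned char lead_zero_b[DIGEST_LEN] = {0x00, 0xff, 0xee, 0xdd};

int main(void)
{
    printf("NUL at index 2: strcmp equal=%d, memcmp equal=%d\n",
           digest_equal_strcmp(expected, forged),
           digest_equal_memcmp(expected, forged));
    printf("NUL at index 0: strcmp equal=%d, memcmp equal=%d\n",
           digest_equal_strcmp(lead_zero_a, lead_zero_b),
           digest_equal_memcmp(lead_zero_a, lead_zero_b));
    return 0;
}
```

With strcmp only the bytes before the first 0x00 take part in the comparison, so both pairs are reported as equal even though they differ; memcmp over the full length reports them as different.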