[TYPO3-core] RFC #12502: Feature: Use HMACs for authenticity and integrity checks
Marcus Krause
marcus#exp2010 at t3sec.info
Fri Apr 16 22:24:09 CEST 2010
Helmut Hummel schrieb am 04/16/2010 08:56 PM Uhr:
> I only ask myself why you wrapped the last hmac calculation with
> bin2hex(pack()).
>
> Reading this:
> http://www.php.net/manual/en/function.mhash.php#27225
>
> it seems sufficient without these additional calls.
You're right. bin2hex reverts pack('H*', X)
I've removed these calls in attached v2 of this RFC.
Marcus.
--
Member TYPO3 Security Team
Blog on TYPO3 Security: http://secure.t3sec.info/blog/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 12502_v2.diff
Type: text/x-diff
Size: 3080 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100416/39e2d77f/attachment.diff>
More information about the TYPO3-team-core
mailing list