I did a couple greps of my git/ directory to see if I found examples. Given that there are a couple ways one might achieve the effect now, I don't necessarily find everything. But here's something in software I did not write myself. This is from ./JohnTheRipper/run/sspr2john.py. I found another example in a different file, but looking at it I'm pretty sure it is actually a potential bug (it has a comment similar to "Is this safe?" which I won't bother showing. elif fmt == "PBKDF2_SHA256": h = base64.b64encode(base64.b64decode(text)[:32]) # a terrible hack follows, use "adapted base64" alphabet (using . instead of + and with no padding) h = h.rstrip("=").replace("+", ".") salt = base64.b64encode(salt) salt = salt.rstrip("=").replace("+", ".") We actually know that base64 code should only produce at most 2 '='s as padding. In this instance, the encoding comes immediately before the stripping. However, perhaps some code would pass the encoded string and you wouldn't be as confident locally that extra '='s hadn't snuck in. If it existed, I think these lines would be good candidates for 'maxstrip'. On Tue, May 19, 2020 at 2:07 PM Henk-Jaap Wagenaar < wagenaarhenkjaap@gmail.com> wrote:
David (or somebody else) could you give us some, as real as possible, examples? This will strengthen the case for it!
I am confident they exist and are pretty plentiful but I myself am coming up blank thinking about it for a few minutes and documenting them would be good for discussion.
-- The dead increasingly dominate and strangle both the living and the not-yet born. Vampiric capital and undead corporate persons abuse the lives and control the thoughts of homo faber. Ideas, once born, become abortifacients against new conceptions.