I did a couple greps of my git/ directory to see if I found examples. Given that there are a couple ways one might achieve the effect now, I don't necessarily find everything. But here's something in software I did not write myself.
This is from ./JohnTheRipper/run/sspr2john.py. I found another example in a different file, but looking at it I'm pretty sure it is actually a potential bug (it has a comment similar to "Is this safe?" which I won't bother showing.
elif fmt == "PBKDF2_SHA256":
h = base64.b64encode(base64.b64decode(text)[:32])
# a terrible hack follows, use "adapted base64" alphabet (using . instead of + and with no padding)
h = h.rstrip("=").replace("+", ".")
salt = base64.b64encode(salt)
salt = salt.rstrip("=").replace("+", ".")
We actually know that base64 code should only produce at most 2 '='s as padding. In this instance, the encoding comes immediately before the stripping. However, perhaps some code would pass the encoded string and you wouldn't be as confident locally that extra '='s hadn't snuck in.
If it existed, I think these lines would be good candidates for 'maxstrip'.
On Tue, May 19, 2020 at 2:07 PM Henk-Jaap Wagenaar <wagenaarhenkjaap@gmail.com> wrote:
David (or somebody else) could you give us some, as real as possible, examples? This will strengthen the case for it!
I am confident they exist and are pretty plentiful but I myself am coming up blank thinking about it for a few minutes and documenting them would be good for discussion.
The dead increasingly dominate and strangle both the living and the
not-yet born. Vampiric capital and undead corporate persons abuse
the lives and control the thoughts of homo faber. Ideas, once born,
become abortifacients against new conceptions.