How can * be a safe hashed password?
- by Exception e
phpass is a widely used hashing 'framework'. While evaluating phpass' HashPassword I came across this odd method fragment.
function HashPassword($password)
{
// <snip> trying to generate a hash…
# Returning '*' on error is safe here, but would _not_ be safe
# in a crypt(3)-like function used _both_ for…