[Esapi-dev] [Owasp-esapi-c++] Base32 encoding

Kevin W. Wall kevin.w.wall at gmail.com
Thu Aug 25 10:58:49 EDT 2011


On Thu, Aug 25, 2011 at 10:45 AM, Da Co <daneluta at gmail.com> wrote:
> Jeff,
> I see base32 utility not for security reasons, but for usability reasons.
> Base 32 looks better for customer than Base64, and it is shorter than
> Base16. Two scenarios I encountered were:
> - License Key generations

I can sort of see this as a lot of times users typing in license
keys ignore the case of the license key. So one could use base32
and safely convert all the characters to uppercase whereas you couldn't
do that with base64.

> - Using encrypted aliases on UIs

I'm not buying this argument. B64 is shorter than B32 and since
these are usually done programmatically, the shorter version is usually
preferred, *especially* when it needs to be persisted into a DB.

> Anyone else having such scenarios?

Like I said... I've NEVER seen it used in my 12 yrs here. That doesn't
mean that it's useless, but I've seen base64 used hundreds of times
by comparison.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein
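
Added example (not part of the original message and not ESAPI code): a minimal RFC 4648 base32 encoder with a case-insensitive decoder in C++, showing the case-folding property discussed above for license keys. The function names and the sample input are constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// RFC 4648 base32 alphabet: one case only, so input can be case-folded.
static const char kAlphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

std::string base32_encode(const std::string& in) {
    std::string out;
    unsigned buffer = 0;
    int bits = 0;
    for (unsigned char c : in) {
        buffer = (buffer << 8) | c;
        for (bits += 8; bits >= 5; bits -= 5)
            out += kAlphabet[(buffer >> (bits - 5)) & 0x1F];
    }
    if (bits > 0) out += kAlphabet[(buffer << (5 - bits)) & 0x1F];
    while (out.size() % 8 != 0) out += '=';  // pad to a multiple of 8
    return out;
}

// Case-insensitive decode; '=' padding is skipped wherever it appears.
// Returns false if a character is outside the alphabet.
bool base32_decode(const std::string& in, std::string& out) {
    out.clear();
    unsigned buffer = 0;
    int bits = 0;
    for (unsigned char c : in) {
        if (c == '=') continue;
        c = static_cast<unsigned char>(std::toupper(c));
        unsigned v;
        if (c >= 'A' && c <= 'Z') v = c - 'A';
        else if (c >= '2' && c <= '7') v = c - '2' + 26;
        else return false;
        buffer = (buffer << 5) | v;
        bits += 5;
        if (bits >= 8) {
            bits -= 8;
            out += static_cast<char>((buffer >> bits) & 0xFF);
        }
    }
    return true;
}

int main() {
    std::string key = base32_encode("foobar");        // constructed sample input
    std::string typed = "mzxw6ytboi======", decoded;  // same key typed in lowercase
    bool ok = base32_decode(typed, decoded);
    std::cout << key << " -> " << (ok ? decoded : "<invalid>") << "\n";
    return ok && decoded == "foobar" ? 0 : 1;
}
```

The same folding applied to base64 would change the decoded bytes, because its alphabet assigns different values to upper- and lowercase letters.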

