[Owasp-esapi-c++] [Esapi-dev] Base32 encoding
Kevin W. Wall
kevin.w.wall at gmail.com
Thu Aug 25 10:53:57 EDT 2011
On Thu, Aug 25, 2011 at 10:39 AM, Jeff Williams <jeff.williams at owasp.org> wrote:
> The advantage of B64 is that it's printable ASCII, which makes validation easier.
> What security benefit is B32? Without a use case I vote to leave it out. EBCDIC?
B32 is also printable ASCII (valid char set: A-Z, 2-7, and '=' for the pad
char). There is also an "extended hex alphabet" that uses 0-9, A-V, and
'=' for the pad char. [Note: RFC 4648 [1], the RFC which defines base32 and
base64, also includes an alternate "Base 64 Encoding with URL and
Filename Safe Alphabet", which I don't think ESAPI supports either.]
Also, one last thing... it might be a good idea to pick up the appropriate
test vectors defined in this RFC and place them in the ESAPI unit tests
for these respective codecs.
-kevin
----------------
[1] RFC 4648 -- http://tools.ietf.org/html/rfc4648
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents." -- Nathaniel Borenstein
More information about the Owasp-esapi-c++
mailing list