[Owasp-esapi-c++] [Esapi-dev] Base32 encoding
Da Co
daneluta at gmail.com
Thu Aug 25 11:08:51 EDT 2011
The usage of base32 when posting aliases to UI was to facilitate
users to enter these aliases manually.
On Thu, Aug 25, 2011 at 10:58 AM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> On Thu, Aug 25, 2011 at 10:45 AM, Da Co <daneluta at gmail.com> wrote:
>> Jeff,
>> I see base32 utility not for security reasons, but for usability reasons.
>> Base 32 looks better for customer than Base64, and it is shorter than
>> Base16. Two scenarios I encountered were:
>> - License Key generations
>
> I can sort of see this as a lot of times users typing in license
> keys ignore the case of the license key. So one could use base32
> and safely convert all the characters to uppercase whereas you couldn't
> do that with base64.
>
>> - Using encrypted aliases on UIs
>
> I'm not buying this argument. B64 is shorter than B32 and since
> these usually done programmatically, the shorter version us usually
> preferred, *especially* when it needs to be persisted into a DB.
>
>> Anyone else having such scenarios?
>
> Like I said... I've NEVER seen it used in my 12 yrs here. That doesn't
> mean that it's useless, but I've seen base64 used hundreds of time
> by comparison.
>
> -kevin
> --
> Blog: http://off-the-wall-security.blogspot.com/
> "The most likely way for the world to be destroyed, most experts agree,
> is by accident. That's where we come in; we're computer professionals.
> We *cause* accidents." -- Nathaniel Borenstein
>
More information about the Owasp-esapi-c++
mailing list