<p>1</p><p>I shipped a bug in 1994 where all one byte passwords were accepted as equal</p><p>The root cause was a bug in a SCSI chip that substituted a constant for every one byte payload</p><p>We didn’t test the reject-wrong-password case enough</p><p>2</p><p>> We didn’t test the reject-wrong-password case enough</p><p>And they, and we, didn’t test the one-byte payload case enough</p><p>After this bit me once, forever thereafter I paid more attention to misaligned lengths</p><p>=></p>
