Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Nov 2011 21:02:03 +0400
From: Solar Designer <>
Subject: Re: best way to get ciphertext

On Mon, Nov 21, 2011 at 05:34:50PM +0100, Lukas Odzioba wrote:
> What about moving crypt_all code to cmp_all and leaving crypt_all empty?

There are a couple of problems with this:

1. cmp_all() is not always called.  When the number of hashes for a salt
is above a threshold, a get_hash*() function is called instead.

2. cmp_all() may be called multiple times if there's more than one hash
for a salt, but the threshold mentioned above is not reached.

> If there were no set_salt or set_key calls between last cmp_all call
> then don't do hash calculations inside cmp_all - just in case.

Yes, this addresses #2 above.

#1 may be addressed by introducing a new FMT_* flag as I pointed out in
another message, but this is a tradeoff.


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ