Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 17 Jun 2012 01:46:00 +0200
From: Tavis Ormandy <taviso@...xchg8b.com>
To: john-dev@...ts.openwall.com
Subject: Re: Re: [patch] optional new raw sha1 implemetation

On Sun, Jun 17, 2012 at 01:42:07AM +0200, magnum wrote:
> >>On a third thought, are we not actually guaranteed there will be a
> >>zero byte? They are zeroed in set_key().
> >>
> >>magnum
> >
> >I dont think so, for example, consider testing two 15 byte keys, I would
> >store them in contiguous aligned buffers like this:
> >
> >41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 80
> >41 41 41 41 41 41 41 41 41 41 41 41 41 41 42 80
> >00 00 00 ...
> >
> >get_key(0) with strrchr would return AAAAAAAAA\x80AAAAAAAAAAAB, no?
> 
> OK, so let's just put a zero in ((unsigned char*)key)[15] before the
> strrchr. That ought to work fine, right?
> 
> magnum

Hmm, you mean make key[] in sha1_fmt_get_key 5 instead of 4? Hmm, I think
that sounds okay.

Tavis.

-- 
-------------------------------------
taviso@...xchg8b.com | pgp encrypted mail preferred
-------------------------------------------------------

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ