Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Jul 2012 07:58:55 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: mscash2 / hmac-md5 ambiguity

On 07/27/2012 06:58 AM, Frank Dittrich wrote:
> On 07/27/2012 12:57 AM, Alexander Cherepanov wrote:
>> One solution is to add to hmac-md5 hashes some prefix like $HMAC-MD5$ or
>> {HMAC-MD5}. BTW why there is none now?
> 
> Because for hmac-md5 *any* input is valid, you don't know if a hash is
> prefixed, of if "{HMAC-MD5}" just happens to be the begin of an
> unprefixed string, so you'd have to convert it to "{HMAC-MD5}{HMAC-MD5}"

What would work is if you change the sequence.

Instead of
YT1m11GDMm3oze0EdqO3FZmATSrxhquB#6c97850b296b34719b7cea5c0c751e22
we use
$hmac_md5$6c97850b296b34719b7cea5c0c751e22$YT1m11GDMm3oze0EdqO3FZmATSrxhquB
or something similar.
That way the first part is always fixed, and the variable part comes at
the end.

Frank

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ