Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 31 Dec 2012 05:22:46 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Formats dmg, encfs and strip crash on longer passwords

On 31 Dec, 2012, at 5:03 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Monday 31 December 2012 09:11 AM, magnum wrote:
>> I have now modified Lukas' pbkdf2-hmac-sha1 so it can handle a max. length of 64. I see we have some formats that use Gladman's derive_key() instead. This is slower. I tried changing ODF to keychain.h and pbkdf2() and got a 60% boost but I'm not sure it supports all variants (if there are any?) so I did not commit that. Gladman's function has one more parameter and I'm not sure if it matters. I also tried SXC but got no boost, no idea why. Finally, I tried ZIP but that did not even pass self-test.
> 
> 1. AES support in ODF format required Gladman's code earlier (due to usage of longer salt / password size). This format can now be switched to newer and faster PBKDF2 code. ODF CPU format supports both Blowfish and AES encryption.

I did not look at Lukas' code's salt length now but I think it handles 52 characters as-is (just adjust structs if needed).

> 2. Gladman's function's extra parameter is a 2-byte verifier which is used in ZIP AES format. This extra parameter is not used by other formats.

Great, then we can have the 60% boost for ODF. I can commit it, I still have it handy. Also, I just noticed I missed fixing odf-opencl. I'll fix that.

> 3. SXC and no boost is a mystery. I will take a look. Tell me you did re-compile ;)

Pretty sure I did. Let's hope I just screwed it up.

> 4. ZIP files using AES 256-bit encryption require very long PBKDF2 output (upto 66 bytes). Can the new PBKDF2 code do this? Strangely the zip OpenCL handles this just fine!

As-is, it produces 40 bytes but only 32 are used. It can output up to 40 bytes with a super trivial modification. How do they do more, another bunch of iterations?

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ