[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 08 Feb 2013 22:58:32 -0200
From: Claudio André <claudioandre.br@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: sha512crypt formats matching salt detection bug
Em 08-02-2013 22:53, Solar Designer escreveu:
> On Fri, Feb 08, 2013 at 10:50:17PM -0200, Claudio Andr? wrote:
>> Is there a minimun number of rounds? I mean, is 999 the mininum rounds
>> allowed by some spec?
> 1000 is the minimum per Ulrich's original spec (SHA-crypt.txt and
> reference implementations of sha512crypt and sha256crypt). However,
> apparently IBM deviated from that. Apparently, it's a minimum of 16
> there.
>
> We should support any number of rounds, starting with 1.
>
> Anyhow, the bug that I reported has nothing to do with specific round
> counts. It's about including the round counts in "salts".
>
We do. But we obey this restriction.
static void * get_salt(char *ciphertext) {
...
srounds = srounds < ROUNDS_MIN ?
ROUNDS_MIN : srounds;
out.rounds = srounds > ROUNDS_MAX ?
ROUNDS_MAX : srounds;
...
return &out;
Claudio
Claudio
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
