Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Feb 2013 19:19:04 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Minor problem in ODF format

On 20 Feb, 2013, at 21:38 , Milen Rangelov <gat3way@...il.com> wrote:

> Hello,
> 
> While working on my odf plugin and using the jtr format as a reference, I noticed a minor problem that could cause false negatives with some documents.
> 
> Problem is here:
> 
> 
> BF_set_key(&bf_key, cur_salt->key_size, key);
> 
> BF_cfb64_encrypt(cur_salt->content, output, 1024, &bf_key, ivec, &bf_ivec_pos, 0);
> 
> SHA1_Init(&ctx);
> 
> SHA1_Update(&ctx, output, 1024);
> 
> SHA1_Final((unsigned char*)crypt_out[index], &ctx);
> 
> 
> 
> 
> With certain documents (very small in size, e.g just 1-2 short paragraphs) it is possible that the size of content.xml is less than 1024 bytes and in that case there is no need to decrypt 1024 bytes and hash the result because the actual size is less than that (decryption is OK, but hashing would definitely produce wrong result).

So the correct behaviour is to decrypt the actual length when <= 1024, and then SHA1 that same length? Or what?

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ