Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 30 Apr 2013 08:20:33 +0200
From: Lukas Odzioba <lukas.odzioba@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Yet more crashes

2013/4/30 Dhiru Kholia <dhiru.kholia@...il.com>:
> On 04/28/13 at 08:31pm, Lukas Odzioba wrote:
>> algorithm - do we use it at all?
>
> No.
So why it is there? Can we just drop this filed, or it might me used
in the future?

>> datalen - minimum bound?
> Should not matter.
So -1000 is proper value, or rather 0 is the smallest  valid one?
Same situation with count, I would like to hear from you what are the
bounds on this field.

>> data - every character should be in atoi16[]
>> spec - this needs to be validated with hash_algorithm
>> usage - {0,255,254} - magic numbers
>> hash_algorithm - this needs to be validated with spec
>> cipher_algorithm - {CIPHER_CAST5, CIPHER_BLOWFISH, CIPHER_AES128,
>> CIPHER_AES192, CIPHER_AES256}
>> ivlen - minimum bound
>
> Yes, all these checks are required.

Can you be more specific about minimum ivlen?

Yes I am lazy and I do not want read code:)

Thanks,
Lukas

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ