Date: Fri, 12 Jul 2013 12:32:36 +0200
From: marcus.desto <marcus.desto@...pl>
To: john-dev@...ts.openwall.com
Subject: Re: BUG in pbkdf2_hmac_sha1_unsplit_kernel.cl

On 12 July 2013 at 11:22, magnum <john.magnum@...hmail.com> wrote:

> On 12 Jul, 2013, at 8:01 , marcus.desto <marcus.desto@...pl> wrote:
> > I suggest you should introduce testing to your project, like unit testing, whitebox and blackbox testing.
> 
> We have built-in self-tests as well as the more extensive "Test Suite" (https://github.com/magnumripper/jtrTestSuite). But in this case no tests were using salts that long. Actually most (all?) formats using this shared code (e.g. zip, dmg, strip, odf) have a fixed salt length of e.g. 8 or 16, so I'm not sure this bug ever surfaced in our current formats.
> 
> magnum
> 

OK, but you should consider all input lengths, at least to prove the limits of input length.

Hmm, I also have found some test code in the *_fmt.c files, but maybe you should not plant test code in productive code.

Marcus
