Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 May 2016 15:01:57 +0300
From: Solar Designer <>
Subject: WinZip PBKDF2 use optimization

Jim, magnum -

atom just posted this:

Behind the WinZip KDF optimization

It's about only needing to compute some of the PBKDF2 output blocks for
AES key sizes larger than 128 bits.

I vaguely recalled that we already had it, and I went to check - to my
surprise, it looks like the code currently in jumbo is fully prepared
for this optimization, but does not actually include it for WinZip.
Specifically, pbkdf2_hmac_sha1.h says:

 * simpler, AND contains an option to skip bytes, and only call the hashing
 * function where needed (significant speedup for zip format).

Indeed, it accepts a parameter skip_bytes, but somehow zip_fmt_plug.c
passes 0 for that parameter all the time.  Looking through commits
history for zip_fmt_plug.c, I found that the optimization was lost with:

commit 528e6bcfb1a59f068b70c63b3c0d7ffc62c32ce4
Author: JimF <>
Date:   Sun Jul 6 22:03:13 2014 -0500

    zip2 format. #434 #691  Removed FMT_NOT_EXACT. Now fully detects passwords.

Can the two of you look into this, please, and likely reintroduce the
optimization?  Also check the OpenCL format for the same.



Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ