Date: Mon, 20 Jun 2011 08:29:22 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Either my test script is b0rken or BF has an 8-bit bug

On Mon, Jun 20, 2011 at 07:29:06AM +0400, Solar Designer wrote:
> For passwords of length n*4-1 (3, 7, 11, 15, ...), 8-bit characters in
> positions i*4 (4, 8, 12, ...) result in hashes incompatible with
> OpenBSD's, but without any characters ignored (no security risk). These
> are similar to passwords of other lengths.

I was wrong about this. Such passwords (of length 7 and above only,
obviously) have as many as three characters ignored.

> Thus, the probability for an arbitrary password with a single 8-bit
> character to have any of its characters ignored may be estimated as
> 1/8 (assuming uniform distribution of password lengths and of positions
> in which the 8-bit character may be).

This changes to 3/16.

Alexander
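
The corrected case from the message above, as an added example that is not part of the original post or the project's own code: it models the 8-bit bug as sign extension of each password byte while the cycled, NUL-terminated password is packed into the 18 Blowfish key words, then reports whether a password hashes incompatibly and how many of its characters are ignored. The function names `pack_key`, `incompatible` and `ignored_chars` are hypothetical, and the sample password is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BF_WORDS 18 /* Blowfish P-array words filled from the cycled key */
/* Pack the password, cycled together with its NUL, into the 18 key words.
 * buggy=1 sign-extends each byte (the 8-bit bug); buggy=0 is correct. */
static void pack_key(const char *key, int buggy, uint32_t out[BF_WORDS])
{
    const char *p = key;
    memset(out, 0, BF_WORDS * sizeof out[0]);
    for (int i = 0; i < 4 * BF_WORDS; i++) {
        int c = buggy ? (signed char)*p : (unsigned char)*p;
        out[i / 4] = (out[i / 4] << 8) | (uint32_t)c; /* c < 0 sets all upper bits */
        p = *p ? p + 1 : key; /* wrap after the terminating NUL */
    }
}

/* 1 if the buggy packing differs from the correct one (incompatible hash). */
static int incompatible(const char *key)
{
    uint32_t good[BF_WORDS], bad[BF_WORDS];
    pack_key(key, 0, good);
    pack_key(key, 1, bad);
    return memcmp(good, bad, sizeof good) != 0;
}

/* Count characters that never reach the buggy key words; strlen(key) < 72. */
static int ignored_chars(const char *key)
{
    uint32_t ref[BF_WORDS], alt[BF_WORDS];
    char buf[73];
    int ignored = 0;
    strcpy(buf, key);
    pack_key(buf, 1, ref);
    for (size_t k = 0; buf[k]; k++) {
        char mask = buf[k] == 1 ? 2 : 1; /* flip one low bit, never yields NUL */
        buf[k] ^= mask;
        pack_key(buf, 1, alt);
        ignored += memcmp(ref, alt, sizeof ref) == 0;
        buf[k] ^= mask;
    }
    return ignored;
}

int main(void)
{
    const char *pw = "abc\xa3" "efg"; /* constructed: length 7, 8-bit char in position 4 */
    printf("incompatible=%d ignored=%d\n", incompatible(pw), ignored_chars(pw));
    return 0;
}
```

With length 7 the password plus its NUL is exactly two key words, so the 8-bit character always lands last in its word and overwrites the three characters before it.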