Date: Sat, 31 Dec 2011 15:08:24 +0100
From: magnum <>
Subject: Re: SSE/intrinsics for sapB/sapG [was: john-users]

On 12/31/2011 02:47 PM, magnum wrote:
> On 12/31/2011 02:27 PM, magnum wrote:
>> On 12/31/2011 04:30 AM, wrote:
>>>> Jim, Simon, how would I do a crypt of between 56 and 63 bytes? Is this
>>>> not possible? Can we actually only do 0-55 *or* 64-119 bytes?
>>> To encrypt 56 bytes, do this:
>>> 1. set the 56 bytes, then set 0x80 as the 57th, and null out the rest.
>>> Do the sha.
>>> 2. create another buffer. NULL the entire buffer, but put 56<<3 into
>>> the length location (last 8 bytes, BE format, I think).
>>> 3. perform sha on this, using the results of step 1 as the init seed.
> For 56-59 bytes we can do the above. For 60 bytes, I presume we put all
> of them in the first buffer but the 0x80 in the second. For 61-63 bytes
> we also need to put the last couple of bytes in the second buffer.

That presumption was wrong. I'm starting to get this straight now. We can 
actually do the described procedure for 56-63 bytes and for any of those 
lengths, the 0x80 fits in the first buffer and the second buffer is all 
nulls except for the length byte.

For exactly 64 bytes, the 0x80 obviously comes first thing in the second 

> I suppose the figures are slightly different for MD4 and MD5, where the
> length byte is placed at 14*4 instead of 15*4?

Perhaps not. It will be exactly the same, right?

I think all coins fell down now :) but we should document this on the 
wiki. Now, at least it's in the list archives!
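
The two-buffer procedure from this thread, as an added example that is not part of the original message or of John the Ripper's code: a plain-Python SHA-1 compression function is run over the two buffers for inputs of 56 to 64 bytes, so the result can be compared with hashlib. The function names are hypothetical and the sample messages are constructed.

```python
import hashlib
import struct

H0 = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

def rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1_compress(state, block):
    """One SHA-1 compression: 5-word state and 64-byte block in, new state out."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(rol(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (rol(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF, a, rol(b, 30), c, d
    return tuple((s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d, e)))

def two_block_buffers(msg):
    """Lay out a 56..64-byte message as the two 64-byte buffers from the thread."""
    n = len(msg)
    if not 56 <= n <= 64:
        raise ValueError("this layout only covers 56..64 byte inputs")
    padded = msg + b"\x80"                  # for n == 64 the 0x80 spills into buffer 2
    first = padded[:64].ljust(64, b"\0")    # message, 0x80, then nulls
    second = padded[64:].ljust(56, b"\0") + struct.pack(">Q", n << 3)  # bit length, BE
    return first, second

def sha1_two_block(msg):
    first, second = two_block_buffers(msg)
    state = sha1_compress(H0, first)        # step 1
    state = sha1_compress(state, second)    # step 3: result of step 1 is the seed
    return struct.pack(">5I", *state).hex()

if __name__ == "__main__":
    for n in range(56, 65):
        msg = bytes(range(n))               # constructed sample input
        print(n, sha1_two_block(msg) == hashlib.sha1(msg).hexdigest())
```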

