Date: Mon, 16 Jan 2012 02:35:05 +0100 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Dragonfly BSD SHA2 (was: Jumbo future) I started implementing these, but there's a hideous bug in both crypt-sha256 and crypt-sha512 that makes it less straight-forward: static const char *magic = "$3$"; ... SHA256_Update(&ctx, magic, sizeof(magic)); I only noticed because it led my format to fail. It should obviously be strlen(magic). I presume this means hashes are not guaranteed to be portable between systems, maybe not even between versions of the lib. On my machine (I just compiled the files in libcrypt together with a main() that roughly resembles mkpasswd(1)) the resulting magic - of length 8 - is really '$3$\0$\0$4' but this is not likely to match what is happening on a DragonBSD system (the mid part will probably be the same but the end is from another source file). Doh! Feel free to report this as a further reason for listening to you :) I suppose I would need to create test hashes on a real system and then brute force what magic was really used (lol!) or insert debug code that does not interfere with this truly magic string :) magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.