Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Jun 2012 20:00:27 +0530
From: Dhiru Kholia <>
Subject: Re: avoid cracked[] arrays (was: wbb3_fmt_plug.c is broken)

On Tue, Jun 19, 2012 at 4:33 AM, Solar Designer <> wrote:
> Actually, the same problem is present in almost(?) all of your formats.
> I think the majority of them did not have to use this hack.  Even things
> like VNC and SIP can probably be implemented without this hack.  Can you
> please correct them all?  Please start with normal hashes
> (wbb3_fmt_plug.c, racf_fmt_plug.c, episerver_fmt_plug.c, django_fmt.c),
> then proceed with other stuff (anything that has the cracked[] array is
> a candidate for a fix, if at all possible).

In VNC format's crypt_all, I do

	if(memcmp(encrypted_challenge, salt_struct->response, 8) == 0) {
&encrypted_challenge[8], 8, &schedule, &ivec, DES_ENCRYPT);
			if(memcmp(encrypted_challenge, salt_struct->response, 16) == 0)
				cracked[index] = 1;
				cracked[index] = 0;
			cracked[index] = 0;

Doing an early memcmp saves one invocation of DES_cbc_encrypt
function. If I remove my cracked array hack, the format will become
slower. What should I do?  Can I combine cracked array approach with
binary interface?
(I will store the hash in custom salt & use it in crypt_all + I will
use binary interface at the same time).


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.