Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 3 Oct 2012 22:42:10 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: o5logon format hacks

On Wed, Oct 3, 2012 at 10:21 PM, magnum <john.magnum@...hmail.com> wrote:
> On 3 Oct, 2012, at 18:45 , magnum <john.magnum@...hmail.com> wrote:
>
>> ...here's how I *think* we could do to all non-hash formats in order to get proper dupe detection and no warnings.
>>
>> 1. Use a short binary size (eg. 4) so we don't waste too much memory.
>>
>> 2. Write a simple mockup binary() that just returns a 4-byte hash of the full ciphertext. This could be standard crc32 or something else, but it should use all of the ciphertext.
>>
>> 3. Use standard binary_hash() functions just like the ones you used now.
>
> Small correction: We should probably use 8 bytes and crc64 in order to be reasonably safe against hash collisions.

Looking forward for these changes.

Should the patch be reverted? (though it can be kept since it is
harmless and doesn't change performance).

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.