Date: Wed, 3 Oct 2012 19:37:42 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: o5logon format hacks On 3 Oct, 2012, at 19:12 , Dhiru Kholia <dhiru.kholia@...il.com> wrote: > On Wed, Oct 3, 2012 at 10:21 PM, magnum <john.magnum@...hmail.com> wrote: >> On 3 Oct, 2012, at 18:45 , magnum <john.magnum@...hmail.com> wrote: >> >>> ...here's how I *think* we could do to all non-hash formats in order to get proper dupe detection and no warnings. >>> >>> 1. Use a short binary size (eg. 4) so we don't waste too much memory. >>> >>> 2. Write a simple mockup binary() that just returns a 4-byte hash of the full ciphertext. This could be standard crc32 or something else, but it should use all of the ciphertext. >>> >>> 3. Use standard binary_hash() functions just like the ones you used now. >> >> Small correction: We should probably use 8 bytes and crc64 in order to be reasonably safe against hash collisions. > > Looking forward for these changes. I could try this in the office formats and see how it works out. If this turns out OK, you can copy that changes to all your non-hash formats if you like. > Should the patch be reverted? (though it can be kept since it is > harmless and doesn't change performance). I haven't tested it, but I suspect it will presently regard all hashes as dupes. I think no matter how many hashes you try to load, it will only accept the first... magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.