Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 3 Oct 2012 19:37:42 +0200
From: magnum <>
Subject: Re: o5logon format hacks

On 3 Oct, 2012, at 19:12 , Dhiru Kholia <> wrote:

> On Wed, Oct 3, 2012 at 10:21 PM, magnum <> wrote:
>> On 3 Oct, 2012, at 18:45 , magnum <> wrote:
>>>'s how I *think* we could do to all non-hash formats in order to get proper dupe detection and no warnings.
>>> 1. Use a short binary size (eg. 4) so we don't waste too much memory.
>>> 2. Write a simple mockup binary() that just returns a 4-byte hash of the full ciphertext. This could be standard crc32 or something else, but it should use all of the ciphertext.
>>> 3. Use standard binary_hash() functions just like the ones you used now.
>> Small correction: We should probably use 8 bytes and crc64 in order to be reasonably safe against hash collisions.
> Looking forward for these changes.

I could try this in the office formats and see how it works out. If this turns out OK, you can copy that changes to all your non-hash formats if you like.

> Should the patch be reverted? (though it can be kept since it is
> harmless and doesn't change performance).

I haven't tested it, but I suspect it will presently regard all hashes as dupes. I think no matter how many hashes you try to load, it will only accept the first...


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.