Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 3 Oct 2012 21:09:14 +0200
From: magnum <>
Subject: Non-hash dupe suppression (was: o5logon format hacks)

On 3 Oct, 2012, at 19:37 , magnum <> wrote:

> On 3 Oct, 2012, at 19:12 , Dhiru Kholia <> wrote:
>> On Wed, Oct 3, 2012 at 10:21 PM, magnum <> wrote:
>>> On 3 Oct, 2012, at 18:45 , magnum <> wrote:
>>>>'s how I *think* we could do to all non-hash formats in order to get proper dupe detection and no warnings.
>>>> 1. Use a short binary size (eg. 4) so we don't waste too much memory.
>>>> 2. Write a simple mockup binary() that just returns a 4-byte hash of the full ciphertext. This could be standard crc32 or something else, but it should use all of the ciphertext.
>>>> 3. Use standard binary_hash() functions just like the ones you used now.
>>> Small correction: We should probably use 8 bytes and crc64 in order to be reasonably safe against hash collisions.
>> Looking forward for these changes.
> I could try this in the office formats and see how it works out. If this turns out OK, you can copy that changes to all your non-hash formats if you like.

Unfortunately my idea does not fly. Core changes are needed. After just doing the above, the self-test complains that get_hash() does not produce the same hash as binary_hash() since the former just use the fmt_default. I should have expected that :)  I see no way to do this without changing core.

With a core change, we could instead do something like this: All non-hash formats just use a BINARY_SIZE of 0 and fmt_default_binary etc. And loader.c could detect this situation and do the dupe supression all by itself by crc64'ing the ciphertexts. I *think* this could be a fairly easy fix but I won't touch that until Solar talks.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.