Date: Mon, 10 Dec 2012 09:47:22 +0100 From: Simon Marechal <simon@...quise.net> To: john-dev@...ts.openwall.com Subject: Re: fixing the valid() methods On 10/12/2012 02:57, Solar Designer wrote: > Can we afford a dependency on regcomp(3), regexec(3), regfree(3) in > jumbo? Apparently, these are in POSIX.1-2001. Yet I am unlikely to > introduce this change to core, so it'd be yet another jumbo thing. > > Personally, I don't feel much need to go for regexps - I find it easy > enough to write robust valid() based on str(r)chr() and such - but I > understand that others' preferences may be different. Perhaps some kind of sscanf-like function, that accepts a specific format ? Something that might look like: validate("$X$%b8$%h128", ciphertext) That would return true if ciphertext is made of (exactly) "$X$" followed by 8 chars forming a valid base 64 value, followed by 128 chars forming a valid hex-encoded value. It might even work as sscanf for use in binary, and would be used like this in valid: validate(ciphertext, "$X$%b8$%h128", NULL, NULL) in binary : validate(ciphertext, "$X$%b8$%h128", NULL, &bin) in salt : validate(ciphertext, "$X$%b8$%h128", &salt, NULL) This doesn't seem to be too much work, and has the following advantages: * centralized and hopefuly bug-free code for converting ascii to binary in various ways (hex, base64, endianness, ...) * reuse the same format and functions in validate, binary and salt * makes the expected ciphertext format obvious Another approach would be having a set of functions working with a parsing context. This might be easier to add features this way, but seems less easy to use : ctx = start_parse(ciphertext); if(!parse_string(ctx, "$X$")) return 0; if(!parse_base64(ctx, 8)) return 0; if(!parse_string(ctx,"$")) return 0; if(!parse_hex(ctx, 128)) return 0; if(!parse_eol(ctx)) return 0; What do you guys think ?
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.