Date: Mon, 31 Dec 2012 09:33:59 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com Subject: Re: Formats dmg, encfs and strip crash on longer passwords On Monday 31 December 2012 09:11 AM, magnum wrote: > I have now modified Lukas' pbkdf2-hmac-sha1 so it can handle a max. > length of 64. I see we have some formats that use Gladman's > derive_key() instead. This is slower. I tried changing ODF to > keychain.h and pbkdf2() and got a 60% boost but I'm not sure it > supports all variants (if there are any?) so I did not commit that. > Gladman's function has one more parameter and I'm not sure if it > matters. I also tried SXC but got no boost, no idea why. Finally, I > tried ZIP but that did not even pass self-test. 1. AES support in ODF format required Gladman's code earlier (due to usage of longer salt / password size). This format can now be switched to newer and faster PBKDF2 code. ODF CPU format supports both Blowfish and AES encryption. 2. Gladman's function's extra parameter is a 2-byte verifier which is used in ZIP AES format. This extra parameter is not used by other formats. 3. SXC and no boost is a mystery. I will take a look. Tell me you did re-compile ;) 4. ZIP files using AES 256-bit encryption require very long PBKDF2 output (upto 66 bytes). Can the new PBKDF2 code do this? Strangely the zip OpenCL handles this just fine! Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.