Date: Thu, 06 Jan 2011 19:54:58 -0600 From: James Nobis <quel@...lrod.net> To: Robert Harris <rs904c@...scape.net> CC: john-users@...ts.openwall.com Subject: Re: Re: hmailserver patch has errors, error when compiling in Linux x86 64-bit and 32-bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Robert, > You may possibly require a minimum version of GCC and/or OpenSSL, or > something. Do you? I'm using Owl version from September, the same exact > version and configuration I used to build JtR with the jumbo 9 patch, and it > worked fine. Thanks for your follow up. You are correct that there is a minimum version requirement. I had not considered the possibility of OpenSSL that doesn't have SHA-2 support in active use. > Here are the gcc and openssl version in the September versions of Owl: > gcc version 3.4.5 Wow that's quite an old version though it isn't a factor here. gcc 3.x had a lot of performance regressions for the code it generated and 4.x especially in the 4.3.x, 4.4.x, and 4.5.x lines are really producing some excellent optimizations. I keep finding more cases of the compiler actually doing the right things with c code such that less inline assembly is necessary. > OpenSSL 0.9.7m 23 Feb 2007 The changelog indicates in the Changes between 0.9.7h and 0.9.8 [05 Jul 2005] that "New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented." I don't think 0.9.7 has any upstream security support at this point. All US government agencies were suppose to cease all use of MD5 and SHA-1 at the end of last year, though they didn't meet the deadline. With improving attacks on SHA-1 Owl really should have SHA-2 support. SHA-1 at 160 bits only provides 80bits of security which is insufficient even for 128-bit rc4 or aes. The picture is more bleak if you take current improvements on cryptanalytic analysis of SHA-1 into account. The minimum for 128-bits of security is currently SHA-256. Is there a way to specify a minimum OpenSSL version in JtR? The most time I spent in the code was writing this quick patch for a friend. Thanks, James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQIcBAEBCgAGBQJNJnJxAAoJEGUWgJyjXssu4CcP/3heFTxIkt61O0NEOHQRm1/W 4u+T0kGKqt9glVaPc/yDhOyn9w+5IPuA6FhcqsuR7ClBAocc5aPywXOGIDgVwaRd wIZWcqu6+Kd4DKNGW2oZqm8HydHg2+101p8TjnD4Y2YwO50gc3qr3zZXPXwssSop YmfVPzaO5qd4DYvt1tqbGaM2p1vJDJRwYL0UIVn7G69mudUiL9fGkQnX5Zeuy4R3 ZnM6zBy8tCuAVOSfrsrzF6ffX49afesNh1ZxTRF5uUP9fcOwbyqkKpuQgL65sDCg S8U1WB5FiNlQaSPqP3RifHXUZxPuUHO8qOLyEXMwH8259Szxqin/PVtDYzvfPXMg YfZ4uIphdbQGhD5BVHrImGdrfw8mN7zckR+3dtPK3rg+lNdX6mdK6NTnIu0X+QN8 4yIGmWyceM34FpVYBw//YeLzOpDIBcvKw/Cop87b582LB6GsbfbES6Z9VeHs65Ss fCbIsN4oB7aM3WqD9hE8y+8dbAcRTyrn7kJAaxHpVwhsQ0orwGJjxX8Ra8JyNl3b VziTzje2DaP7NKpORsaZVuzEWdNYej2R2P+8zclhqTOtRwy6PTLJuEGb/0yMlMSP X23nzkj+i2JEcCsi2EmAs4YPqsYZZPnT45Kqv+SRv8kxsHSlkKGzpA0aYOp+zWRf vnnTbzpX0wmOp3G+Kgqx =deOj -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.