Date: Sat, 28 Sep 2019 10:31:17 -0400 (EDT)
From: jfoug openwall <>
Subject: Re: Buffer overflow in dynamic using very long salts

> On September 27, 2019 at 11:37 AM Vincent <> wrote:
> Working on a dynamic format with a (very) long salt, I had some issue. 

This limitation is by design (and this will not change): the MAX length of any sub-string, ANYWHERE within the dynamic script, is 256 bytes. If you need to have huge long constants, or long salts, then dynamic is not going to work for you.

Dynamic format has to be able to do things, and handle things, which no other format does (i.e. it has NO idea going in just what will be required by the format). All other formats will have developer insight on just how to lay out buffers, how to optimize things, etc. Not so with dynamic. So there were certain hard-coded elements added to the format, just to allow it to be a workable format, and to be somewhat fast. A large array of fixed-size input buffers is one of these trade-offs. NOTE, 256-byte buffers cannot be filled up (I think) on SIMD formats (the 'flat' SIMD possibly can use the entire buffer, but possibly not). 32-bit hashes will max out at 256-9 bytes (1 byte for the 0x80 bit, and then 8 bytes for the bit count). 64-bit hashes will max out at 256-17 bytes (1 byte 0x80, and 16 bytes bit count). Again, this is BY DESIGN, and almost certainly will never be changed.
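
Added example, not part of the original message and not John the Ripper code: a bounds-checked append and in-place Merkle-Damgard padding for one fixed 256-byte buffer, showing where the 256-9 and 256-17 limits come from. All names are hypothetical, and the length field is written big-endian (SHA-style) as an assumption; MD5 would write it little-endian.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLAT_BUF_SIZE 256 /* per-buffer size stated in the message */

/* Largest message that still leaves room for 0x80 plus the length field
 * (8 bytes for 32-bit hashes, 16 bytes for 64-bit hashes). */
static size_t max_msg_len(size_t lenfield)
{
    return FLAT_BUF_SIZE - 1 - lenfield;
}

/* Append n bytes (e.g. a salt) at offset 'used'. Returns the new length,
 * or -1 if the result could no longer be padded inside the buffer. */
static long checked_append(uint8_t *buf, size_t used, const void *src,
                           size_t n, size_t lenfield)
{
    size_t limit = max_msg_len(lenfield);
    if (used > limit || n > limit - used) /* written to avoid size_t wrap */
        return -1;
    memcpy(buf + used, src, n);
    return (long)(used + n);
}

/* Pad in place to a multiple of 'block' (64 or 128). Returns the padded
 * length, or -1 if the message is too long or the block size is invalid. */
static long md_pad(uint8_t *buf, size_t used, size_t block, size_t lenfield)
{
    if (block == 0 || FLAT_BUF_SIZE % block || used > max_msg_len(lenfield))
        return -1;
    size_t total = (used + 1 + lenfield + block - 1) / block * block;
    uint64_t bits = (uint64_t)used * 8;
    buf[used] = 0x80;
    memset(buf + used + 1, 0, total - used - 1);
    for (size_t i = 0; i < 8; i++) /* low 64 bits of the bit count */
        buf[total - 1 - i] = (uint8_t)(bits >> (8 * i));
    return (long)total;
}

int main(void)
{
    uint8_t buf[FLAT_BUF_SIZE], salt[300]; /* constructed over-long salt */
    memset(salt, 'A', sizeof salt);
    printf("247 bytes: %ld\n", checked_append(buf, 0, salt, 247, 8));
    printf("300 bytes: %ld\n", checked_append(buf, 0, salt, sizeof salt, 8));
    printf("padded:    %ld\n", md_pad(buf, 247, 64, 8));
    return 0;
}
```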

