Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Jun 2012 21:18:42 -0400
From: Rich Felker <>
Subject: Re: FreeSec crypt()

On Wed, Jun 13, 2012 at 03:51:13AM +0400, Solar Designer wrote:
> Rich -
> As discussed on IRC, here is a revision of the FreeSec crypt() code with
> greatly reduced memory requirements: 10 KB for the "shared" and "local"
> structs combined.  The original code required about 70 KB of .bss.

Thanks. Here's a _really_ quick draft, untested, of the direction I
wanted to take it with making the tables static-initialized. Note that
doing so allowed removing all of the table-creation code and most of
the existing tables. For me, it's weighing in at ~12k. I also removed
some unused code for things like keeping salt/keys between multiple
runs since the data is not preserved across multiple runs anyway, and
the lookup tables for bitshifts.

> Also, we could want to add a runtime self-test, which would detect
> possible miscompiles.

I understand your motivation for doing this with security-critical
things, but really most/all of libc is security-critical, and we can't
have runtime miscompilation tests all over the place. Moreover, the
vast majority of cases of GCC "miscompiling" something turn out to be
code that's invoking undefined behavior; the only non-UB example I've
encountered while working on musl is gcc 4.7's bad breakage, which is
so bad you can't even get programs to start...


View attachment "crypt.c" of type "text/plain" (41528 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.