Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 12 Jun 2012 21:18:42 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: FreeSec crypt()

On Wed, Jun 13, 2012 at 03:51:13AM +0400, Solar Designer wrote:
> Rich -
> 
> As discussed on IRC, here is a revision of the FreeSec crypt() code with
> greatly reduced memory requirements: 10 KB for the "shared" and "local"
> structs combined.  The original code required about 70 KB of .bss.

Thanks. Here's a _really_ quick draft, untested, of the direction I
wanted to take it with making the tables static-initialized. Note that
doing so allowed removing all of the table-creation code and most of
the existing tables. For me, it's weighing in at ~12k. I also removed
some unused code for things like keeping salt/keys between multiple
runs since the data is not preserved across multiple runs anyway, and
the lookup tables for bitshifts.

> Also, we could want to add a runtime self-test, which would detect
> possible miscompiles.

I understand your motivation for doing this with security-critical
things, but really most/all of libc is security-critical, and we can't
have runtime miscompilation tests all over the place. Moreover, the
vast majority of cases of GCC "miscompiling" something turn out to be
code that's invoking undefined behavior; the only non-UB example I've
encountered while working on musl is gcc 4.7's bad breakage, which is
so bad you can't even get programs to start...

Rich

View attachment "crypt.c" of type "text/plain" (41528 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.