Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 29 Aug 2012 10:30:12 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: Help-wanted tasks for musl

On Wed, Aug 29, 2012 at 01:35:06AM +0200, Szabolcs Nagy wrote:
> * Szabolcs Nagy <nsz@...t70.net> [2012-08-28 22:09:42 +0200]:
> > * Rich Felker <dalias@...ifal.cx> [2012-08-19 22:12:23 -0400]:
> > > On Mon, Aug 20, 2012 at 03:58:54AM +0200, Szabolcs Nagy wrote:
> > > > sha and md5 crypt does not decode the salt
> > > > it is directly passed to a hash function
> > > 
> > > Ah, that makes it uglier then, because presumably some of these
> > > malformed things you mentioned are "valid" salt.
> > > 
> > 
> > i modified my sha crypt implementation so it is very strict
> > about the rounds= part of the salt and checks for key length
> > 
> 
> removed the unrolling, modified key limit and added salt check:

see the attached for my proposed changes.

rich

View attachment "crypt_sha256.c" of type "text/plain" (8585 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.