lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 27 Sep 2003 01:55:09 +0200 (MEST)
From: markus-1977@....net
To: bugtraq@...urityfocus.com
Subject: Re: Packetstorm started a try2crack of A.R.C.S. Algorithm


Hi!
The code contains a bug (ARCS.c, line 88) where the MD5
of the password is strcpyed into another buffer. Since
the MD5-hash can contain a '\x0' byte the copying might
abort too early. This can make decryption realy
interesting if you are using two different
compilers that might or might not initialize the buffers on the
stack for debugging purposes. That said, it might be impossible, 
unless the authors publish the binary they used to encrypt
their challenge file, to decrypt it.

I strongly advise against using this implementation (assuming
the algorithm is any good).

Moderator: Shouldn't we keep this list to the usual
full-disclosure stuff and leave the crypto-algorithm
development to the apropriate academic conferences?
Transforming MD5 into a stream-cypher isn't even exciting
from a cryptographic point of view...

Markus


-- 
The early bird gets the worm. If you want
something else for breakfast, get up later.

NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ