Message-ID: <014e01c24dd2$319f2760$1e01320a@drizzt>
From: nexus at patrol.i-way.co.uk (Nexus)
Subject: Take the trash-talker challenge!

----- Original Message -----
From: <aliver@...il.com>
To: "Full Disclosure" <full-disclosure@...ts.netsys.com>
Sent: Tuesday, August 27, 2002 12:35 PM
Subject: [Full-Disclosure] Take the trash-talker challenge!

> posted xxt.c on this list a few days back. Attached is a file which I've
> encrypted using my utility. If my detractors would like to prove what a
> silly ass I am then they should feel free to reverse the encrypted message

So this is a challenge not of your [implementation of] code, but the XTEA
algorithm last modified (AFAIAA) in October 1998 in response to an attack
against Block TEA, though both XTEA and straight TEA were not affected?
This challenge would also be against the MD5 hash as well, which like those
mentioned above has been beaten up on by notable crypto types for a little
while?

> challenge anyone to write a working exploit which would render a root
> shell when xxt is SUID root. If you succeed I will:

I don't understand the validity of this as your application has no
requirement to be SUID root at all.

> If you don't, then I'll consider you full of shit and you can go on
> posting garbage like what I've already seen, but your credibility will be
> even lower than it already is (if that is possible).

Ah well, since I can't really be arsed to throw a brute forcer at the
[still] extant open source crypto algorithms in your application and in no
way am I a Cryptanalyst, I guess that's me told... ;-)
I'm far too busy playing Uplink to learn what it is to be a real hacker...
Well, actually I am working on a Cygwin version of xxt but it's barfing
during ld; but I'll let you know :)

Cheers.

