lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 24 Dec 2010 00:00:03 -0600
From: Marsh Ray <marsh@...endedsubset.com>
To: full-disclosure@...ts.grok.org.uk
Cc: mickey@...ifer.net
Subject: Re: how i stopped worrying and loved the backdoor

On 12/23/2010 10:01 PM, Григорий Братислава wrote:
> http://mickey.lucifier.net/b4ckd00r.html
>
> how i stopped worrying and loved the backdoor

Note that much of that is backed up by CVS history. I'd seen some of 
those strange loops and bulk reformatting while reviewing the code 
commits last week.

For example, as he mentions in P2 the entropy pool extraction functions 
are implemented in such a way as to require 156 times more invocations 
of the MD5 block compression function than are necessary. This remains 
in the code today.

I even pointed some of this out the other day on this thread:
     http://marc.info/?l=openbsd-tech&m=129298665720095&w=2
Perhaps the reaction speaks louder than words.

I'd had mickey's name on my short list --
and had written 'not netsec' beside it. :-)

This is either something really interesting going on or the most 
spectacular trolling in net history.

- Marsh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ