[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <534162D5.3070804@bindshell.nl>
Date: Sun, 06 Apr 2014 07:21:09 -0700
From: Jeremi Gosney <epixoip@...dshell.nl>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] pufferfish
On 4/6/2014 7:09 AM, Jeremi Gosney wrote:
> On 4/6/2014 7:03 AM, Bill Cox wrote:
>> Pufferfish has a minor bug in api.c. I'm not 100% I got the fix
>> right, but I am 100% sure this is a bug. On line 135, memmove is
>> calling strlen(hash) to determine how much data to copy. It seems
>> like it should use strlen instead, assuming Pufferfish supports
>> variable out length. Here's the diff after I made this change:
>>
>> diff --git a/Pufferfish/src/common/api.c b/Pufferfish/src/common/api.c
>> index 288937d..58daf4b 100644
>> --- a/Pufferfish/src/common/api.c
>> +++ b/Pufferfish/src/common/api.c
>> @@ -132,7 +132,7 @@ int PHS (void *out, size_t outlen, const void *in,
>> size_t inlen, const void *sal
>> return 1;
>> }
>>
>> - memmove (out, hash, strlen (hash));
>> + memmove (out, hash, outlen);
>> free (settings);
>> free (hash);
>>
>> Bill
>
> No, this is incorrect. The `hash' variable in this context is not the
> raw hash value, it is the encoded hash plus the hash identifier and
> encoded salt string.
If you want the raw hash value to e.g. run dieharder tests, then the
easiest way is to have PHS() call pfkdf() instead of pufferfish(). Or,
call pufferfish() with raw = true instead of raw = false, and change the
data type to unsigned char* instead of char*, then apply your
s/strlen/outlen/ patch.
Powered by blists - more mailing lists