lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Apr 2014 18:26:51 +0200
From: Krisztián Pintér <>
Subject: Re: [PHC] Gambit code

Steve Thomas (at Monday, April 14, 2014, 5:26:22 PM):
> compiler error. You are just typedef-ing them as uint8_t of some length.
> That means they are all the same type with a fancy name on them. This is
> why file gambit.cpp, line 19 compiles:

i'm not a c programmer, and i'm not going to express my feelings about
the c/c++ type system on this forum.

in defense of the code: compile time error is only one benefit, the
other being communicating what should go there without the help of an
external documentation. anyway, makes little difference. at least i
tried :)

> Just noticed a bug file gambit.cpp, line 115:
> memset(mem, 0, sizeof(uint8_t)*cost_m);
> should be:
> memset(mem, 0, sizeof(uint64_t)*cost_m);

this is indeed a bug, but luckily it only leaks highly sensitive data
to grab with heartbleed, so nothing too big :) thanks for pointing it
out, i'll fix it in the next version. (not submitting another version
just for that, the generated values are not affected.)

btw you gave me the heart attack, because before i looked in the
source code, i thought it is the zeroing before the hashing, which
would obviously crap on all the produced values.

Powered by blists - more mailing lists