| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Apr 2014 18:26:51 +0200 From: Krisztián Pintér <pinterkr@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Gambit code Steve Thomas (at Monday, April 14, 2014, 5:26:22 PM): > compiler error. You are just typedef-ing them as uint8_t of some length. > That means they are all the same type with a fancy name on them. This is > why file gambit.cpp, line 19 compiles: i'm not a c programmer, and i'm not going to express my feelings about the c/c++ type system on this forum. in defense of the code: compile time error is only one benefit, the other being communicating what should go there without the help of an external documentation. anyway, makes little difference. at least i tried :) > Just noticed a bug file gambit.cpp, line 115: > memset(mem, 0, sizeof(uint8_t)*cost_m); > should be: > memset(mem, 0, sizeof(uint64_t)*cost_m); this is indeed a bug, but luckily it only leaks highly sensitive data to grab with heartbleed, so nothing too big :) thanks for pointing it out, i'll fix it in the next version. (not submitting another version just for that, the generated values are not affected.) btw you gave me the heart attack, because before i looked in the source code, i thought it is the zeroing before the hashing, which would obviously crap on all the produced values.
Powered by blists - more mailing lists