lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 22 Mar 2015 22:48:21 +0100
From: Axel von dem Bruch <axel-vdb@...eup.net>
To: discussions@...sword-hashing.net
Subject: battcrypt: minor bug in reference implementation


I'm working on a Java implementation of battcrypt. I want to use it
later as an optional key derivation function for a password encryption
program, which is currently under construction.
For comparison I called the C++ reference implementation with several
parameters.

I found a minor bug in the function battcryptKdf().
The bug occurs only if the requested key size is larger than 64 byte and
has the result that the function fails.
The function battcryptKdf() is an additional function to the PHC
standard function.
This bug does not affect the function PHC().

More detailed description:
When I use the key derivation mode with output size > 64, the function
battcryptKdf(...) returns 1.
This is because of line 165 or 171:
if (m_cost > 50 || (t_cost & 0xffff) > 62 || (t_cost >> 16) > 63 ||
outlen > HASH_LENGTH)
For the function battcryptKdf the last "outlen > HASH_LENGTH" should
be deleted, otherwise the key streching will not work.

Steve has suggested to report the bug here on the list.

I had also noted (a negligible topic) that the function others than the
function PHC uses the password again in the last loop and therefore the
password must remain in RAM.

Regards
Axel

Powered by blists - more mailing lists