Message-ID: <20120917073532.GM9428@port70.net>
Date: Mon, 17 Sep 2012 09:35:32 +0200
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Subject: Re: musl 0.9.5 release and new website

* Rich Felker <dalias@...ifal.cx> [2012-09-16 23:02:41 -0400]:
> On Sun, Sep 16, 2012 at 11:42:08PM +0200, Szabolcs Nagy wrote:
> > is the 30K key limit reasonable?
> 
> I don't know; can you explain the motivation?
> 

allowing 1G long key is clearly wrong because of DoS
disallowing 20 byte key is wrong as well

so i picked a random number in between

we can use 256 to be consistent with sha crypt
but md5 crypt is less attackable this way

> > -#define FF(a,b,c,d,w,s,t) a += F(b,c,d) + w + t; a = rol(a,s) + b
> > -#define GG(a,b,c,d,w,s,t) a += G(b,c,d) + w + t; a = rol(a,s) + b
> > -#define HH(a,b,c,d,w,s,t) a += H(b,c,d) + w + t; a = rol(a,s) + b
> > -#define II(a,b,c,d,w,s,t) a += I(b,c,d) + w + t; a = rol(a,s) + b
> > +#define FF(a,b,c,d,w,r,t) a += F(b,c,d) + w + t; a = rol(a,r) + b
> > +#define GG(a,b,c,d,w,r,t) a += G(b,c,d) + w + t; a = rol(a,r) + b
> > +#define HH(a,b,c,d,w,r,t) a += H(b,c,d) + w + t; a = rol(a,r) + b
> > +#define II(a,b,c,d,w,r,t) a += I(b,c,d) + w + t; a = rol(a,r) + b
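
Review bot: FF, GG, HH and II each expand to two statements joined by a bare semicolon (a += ...; a = rol(a,r) + b), so a call used as the body of an unbraced if or for would put only the first statement under the condition. Wrapping each body in do { ... } while (0) would remove that hazard. Since the s to r rename leaves the expansion unchanged, the commit message should say it is cosmetic.
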
> 
> Is this changing anything but the argument name? Why the change?
> 

yes
(r is for rot, t is for tab, i think it helps when
there are so many arguments)

> > +static const uint8_t idx[64] = {
> > +0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
> > +1,6,11,0,5,10,15,4,9,14,3,8,13,2,7,12,
> > +5,8,11,14,1,4,7,10,13,0,3,6,9,12,15,2,
> > +0,7,14,5,12,3,10,1,8,15,6,13,4,11,2,9
> > +};
> > +static const uint8_t rot[64] = {
> > +7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22,
> > +5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20,
> > +4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23,
> > +6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21
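
Review bot: idx[] and rot[] carry no comment saying what they hold (the message word index and the rotate count for each of the 64 steps), so a reader has to recognise the MD5 schedule to check them; a one-line comment above each table would help. In rot[], every row is one group of four values written out four times, so a 16-entry table indexed by round and i%4 would hold the same data in a quarter of the space.
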
> 
> It would be nice if these could be done without tables. As-is, I'm not
> really sure that the de-unrolled code is all that much cleaner than the
> original, but at least it's slightly smaller...
> 

if they are calculated inline then the code is even slower
but not really smaller (the two tables are 128 bytes)
and not really cleaner:

...
for (; i < 48; i++) {
	static const uint8_t rot[] = {4,11,16,23};

	HH(a,b,c,d,W[(3*i+5)%16],rot[i%4],tab[i]);
	x = d; d = c; c = b; b = a; a = x;
}
...
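
The table-versus-inline trade-off discussed above, as an added example that is not part of the original message or of musl: it checks that the quoted idx and rot tables agree with values computed inline for every step. The index formulas (5*i+1)%16 and (7*i)%16 are the standard MD5 ones and do not appear in the message; inline_idx, inline_rot and count_mismatches are hypothetical names.

```c
#include <stdint.h>

/* Tables copied from the quoted patch: word index and rotate count per step. */
static const uint8_t idx[64] = {
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
1,6,11,0,5,10,15,4,9,14,3,8,13,2,7,12,
5,8,11,14,1,4,7,10,13,0,3,6,9,12,15,2,
0,7,14,5,12,3,10,1,8,15,6,13,4,11,2,9
};
static const uint8_t rot[64] = {
7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22,
5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20,
4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23,
6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21
};

/* Hypothetical helper: message word index for step i, computed inline. */
static int inline_idx(int i)
{
	switch (i / 16) {
	case 0:  return i;
	case 1:  return (5*i + 1) % 16;
	case 2:  return (3*i + 5) % 16;   /* same expression as the HH loop above */
	default: return (7*i) % 16;
	}
}

/* Hypothetical helper: rotate count for step i from a 16-byte table. */
static int inline_rot(int i)
{
	static const uint8_t r[4][4] = {
		{7,12,17,22}, {5,9,14,20}, {4,11,16,23}, {6,10,15,21}
	};
	return r[i / 16][i % 4];
}

/* Number of steps where the patch tables and the inline values differ. */
static int count_mismatches(void)
{
	int bad = 0;
	for (int i = 0; i < 64; i++)
		bad += idx[i] != inline_idx(i) || rot[i] != inline_rot(i);
	return bad;
}

int main(void)
{
	return count_mismatches() != 0;   /* exit status 0 when all 64 steps agree */
}
```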
