[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Weird stuff in MD5 crypt in PAM 0.66



On Sat, Aug 21, 1999 at 02:11:23PM -0400, Sam wrote:
> 
> I'm looking at the following snippet in md5_crypt.c:
> 
> ======================================================================
> 
>         memset(final,0,sizeof final);
> 
>         /* Then something really weird... */
>         for (j=0,i = strlen(pw); i ; i >>= 1)
>                 if(i&1)
>                     MD5Update(&ctx, (unsigned const char *)final+j, 1);
>                 else
>                     MD5Update(&ctx, (unsigned const char *)pw+j, 1);
> 
> ======================================================================
> 
> I was not able to find some official spec for the MD5 CRYPT hash, so I was
> trying to figure it out from the code.  Now, what's the deal with "j",
> here?  It's being initialized to 0, but not incremented.  It almost seems
> like there's a j++ missing at the trailing end of the for.

Yes, this part of code seems to be broken.
Take the `memset(final,0,sizeof final)' into account too :-)

I don't think that this code needs a fix.  IMHO the hash is strong enough
without additional hacks like this loop.  On the other hand trying to fix the
loop will probably introduce some compatibility problems with passwords
hashed by previous versions of the code.

Best wishes
					Andrey V.
					Savochkin



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []