A hole in crypt_blowfish
Posted Jun 23, 2011 4:41 UTC (Thu) by nirbheek (subscriber, #54111)
Posted Jun 23, 2011 10:18 UTC (Thu) by job (guest, #670)
Posted Jun 23, 2011 21:15 UTC (Thu) by solardiz (guest, #35993)
Also, see comments by iabervon in here. And discussion on how to make it possible to upgrade transparently or safely: http://www.openwall.com/lists/oss-security/2011/06/23/3
Posted Jun 23, 2011 23:44 UTC (Thu) by dlang (✭ supporter ✭, #313)
The fact that there are alternate inputs isn't the problem.
A hash is only considered broken if you can predict what inputs will produce a particular output.
In this case, that is exactly what happens: this bug means that someone can test far fewer inputs when trying to find one that matches the output, because you can predict that a large number of inputs will all produce the same output, and therefore only test one of them.
Posted Jun 24, 2011 0:08 UTC (Fri) by solardiz (guest, #35993)
Posted Jun 26, 2011 11:28 UTC (Sun) by job (guest, #670)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.