Full Disclosure mailing list archives
Re: Take the trash-talker challenge!
From: full-disclosure () lists netsys com (Daniel Hartmeier)
Date: Tue, 27 Aug 2002 17:39:03 +0200
On Tue, Aug 27, 2002 at 04:35:25AM -0700, aliver () xexil com wrote:
If my detractors would like to prove what a silly ass I am then they should feel free to reverse the encrypted message into plaintext.
Your key setup is broken: memset(hash,0,16); /* lets hash the keys. We get a 256 bit hash */ /* from md5, but xxtea takes a 128 bit key so */ /* the hash is truncated to the first 128 bits */ md5_init(&state); md5_append(&state, (const md5_byte_t *) keyphrase, strlen(keyphrase)); md5_finish(&state, digest); So far, so good. But for (i = 0; i < 8; i++) { snprintf(hbuf,3,"%02x",digest[i]); memcpy(hash+(i*2),hbuf,2); } Now hash consists of 16 characters 0-9, a-f. That's 16^16 or 2^64 possible hashes. And hash is used as the key. So, effectively, you're using 64 bit keys. It's too large a key space to brute-force in 10 minutes for me, but it should be obvious that it's a severe flaw nonetheless. Daniel
Current thread:
- Take the trash-talker challenge! full-disclosure () lists netsys com (Aug 27)
- Take the trash-talker challenge! Nexus (Aug 27)
- Re: Take the trash-talker challenge! Daniel Hartmeier (Aug 27)
- Re: Take the trash-talker challenge! Roland Postle (Aug 27)
- Take the trash-talker challenge! Nicolas Couture (Aug 27)
- Take the trash-talker challenge! John Scimone (Aug 27)
- <Possible follow-ups>
- Re: Take the trash-talker challenge! zen-parse (Aug 27)
- Re: Take the trash-talker challenge! Paul Tinsley (Aug 27)
- Re: Take the trash-talker challenge! Steven M. Christey (Aug 27)
- Re: Take the trash-talker challenge! full-disclosure () lists netsys com (Aug 27)