[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Packetstorm started a try2crack of A.R.C.S. Algorithm

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Packetstorm started a try2crack of A.R.C.S. Algorithm
From: markus-1977@xxxxxxx
Date: Sat, 27 Sep 2003 01:55:09 +0200 (MEST)

Hi!
The code contains a bug (ARCS.c, line 88) where the MD5
of the password is strcpyed into another buffer. Since
the MD5-hash can contain a '\x0' byte the copying might
abort too early. This can make decryption realy
interesting if you are using two different
compilers that might or might not initialize the buffers on the
stack for debugging purposes. That said, it might be impossible, 
unless the authors publish the binary they used to encrypt
their challenge file, to decrypt it.

I strongly advise against using this implementation (assuming
the algorithm is any good).

Moderator: Shouldn't we keep this list to the usual
full-disclosure stuff and leave the crypto-algorithm
development to the apropriate academic conferences?
Transforming MD5 into a stream-cypher isn't even exciting
from a cryptographic point of view...

Markus


-- 
The early bird gets the worm. If you want
something else for breakfast, get up later.

NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++

Prev by Date: Re: base64
Next by Date: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSH: multiple buffer handling problems
Previous by thread: Re: Packetstorm started a try2crack of A.R.C.S. Algorithm
Next by thread: Mplayer Buffer Overflow
Index(es):
- Date
- Thread