Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Packetstorm started a try2crack of A.R.C.S. Algorithm
From: markus-1977 () gmx net
Date: Sat, 27 Sep 2003 01:55:09 +0200 (MEST)

Hi!
The code contains a bug (ARCS.c, line 88) where the MD5
of the password is strcpyed into another buffer. Since
the MD5-hash can contain a '\x0' byte the copying might
abort too early. This can make decryption realy
interesting if you are using two different
compilers that might or might not initialize the buffers on the
stack for debugging purposes. That said, it might be impossible, 
unless the authors publish the binary they used to encrypt
their challenge file, to decrypt it.

I strongly advise against using this implementation (assuming
the algorithm is any good).

Moderator: Shouldn't we keep this list to the usual
full-disclosure stuff and leave the crypto-algorithm
development to the apropriate academic conferences?
Transforming MD5 into a stream-cypher isn't even exciting
from a cryptographic point of view...

Markus


-- 
The early bird gets the worm. If you want
something else for breakfast, get up later.

NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault