WARNING: that patch from Ted...

Colin Plumb (colin@nyx.net)
Sat, 26 Apr 97 15:31:23 MDT


With memories of that /dev/random false alarm still echoing in my
head, I hope I'm not causing unnecessary panic, but Linus, *please*
don't put that patch from Ted in until he's confirmed that I'm wrong.
(Likewise, linuxhq, please don't archive it, etc.)
I think there's a serious security hole in it...

This is the usual way to do an MD4 round. Notice the regular
rotation of the arguments a, b, c, d to FF().
+ /* Round 1 */
+ FF (a, b, c, d, in[ 0], 3);
+ FF (d, a, b, c, in[ 1], 7);
+ FF (c, d, a, b, in[ 2], 11);
+ FF (b, c, d, a, in[ 3], 19);
+ FF (a, b, c, d, in[ 4], 3);
+ FF (d, a, b, c, in[ 5], 7);
+ FF (c, d, a, b, in[ 6], 11);
+ FF (b, c, d, a, in[ 7], 19);
+

This is *not* the usual way: the arguments aren't rotated, and I think
the result seriously compromises security...
+ /* Round 2 */
+ GG (a, b, c, d, in[ 0], 3);
+ GG (d, a, b, c, in[ 4], 5);
+ GG (a, b, c, d, in[ 1], 9);
+ GG (d, a, b, c, in[ 5], 13);
+ GG (a, b, c, d, in[ 2], 3);
+ GG (d, a, b, c, in[ 6], 5);
+ GG (a, b, c, d, in[ 3], 9);
+ GG (d, a, b, c, in[ 7], 13);
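Review bot: the argument order in this round only alternates between `GG (a, b, c, d, ...)` and `GG (d, a, b, c, ...)`, so only `a` and `d` are ever in the updated (first) position; `b` and `c` keep their round 1 values through all eight steps. Round 1 above rotates through all four positions (`a, b, c, d` / `d, a, b, c` / `c, d, a, b` / `b, c, d, a`), and round 2 should follow the same pattern, e.g. the third and fourth steps as `GG (c, d, a, b, in[ 1], 9);` and `GG (b, c, d, a, in[ 5], 13);` with the remaining steps continuing the cycle. The shift counts 3, 5, 9, 13 and the `in[]` word order are not the problem; only the rotation is.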

Likewise...
+ /* Round 3 */
+ HH (a, b, c, d, in[ 0], 3);
+ HH (c, d, a, b, in[ 4], 9);
+ HH (a, b, c, d, in[ 2], 11);
+ HH (c, d, a, b, in[ 6], 15);
+ HH (a, b, c, d, in[ 1], 3);
+ HH (c, d, a, b, in[ 5], 9);
+ HH (a, b, c, d, in[ 3], 11);
+ HH (c, d, a, b, in[ 7], 15);
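Review bot: same defect as round 2, with the other pair: the steps alternate between `HH (a, b, c, d, ...)` and `HH (c, d, a, b, ...)`, so only `a` and `c` are updated and `b` and `d` pass through round 3 untouched. Taken together with round 2, `b` is never the updated argument after round 1, so two of the three rounds contribute nothing to mixing that state word. Rotate through all four positions as round 1 does, e.g. `HH (d, a, b, c, in[ 2], 11);` and `HH (b, c, d, a, in[ 6], 15);` for the third and fourth steps, keeping the 3, 9, 11, 15 shifts as they are.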

I have a patch on the way to Ted which fixes this and speeds things
up a little more. But I wanted to stop the wheels turning first,
lest something Bad happen...

-- 
	-Colin