[cryptography] Oddity in common bcrypt implementation
pgut001 at cs.auckland.ac.nz
Mon Jun 20 23:38:39 EDT 2011
Jeffrey Walton <noloader at gmail.com> writes:
>The 'details' mentioned above is at http://www.schneier.com/blowfish-bug.txt,
>and here's the crux of Morgan's report:
> [bfinit] chokes whenever the most significant bit
> of key[j] is a '1'. For example, if key[j]=3D0x80,
> key[j], a signed char, is sign extended to 0xffffff80
> before it is ORed with data....
When I saw Solar's post I actually wondered whether it was this bug,
propagated through the use of that BF implementation.
More information about the cryptography