Asp Forum
Home
|
Login
|
Register
|
Search
Forums
>
comp.lang.ruby
Flaw in ruby-crypt's GOST implementation
Hartog C. de Mik
3/7/2009 4:33:00 PM
2 Answers
Hartog C. de Mik
3/7/2009 4:40:00 PM
0
On Sun, Mar 08, 2009 at 01:33:14AM +0900, Hartog C. de Mik wrote:
>
>
... is it that I PGP sign my messages that no text appears?
Let's try again - I have found a flaw in the pure Ruby
crypto-suite. It concerns the GOST implementation.
If you are using GOST as a cipher I would advice you to switch to an
other cipher until the problem is propperly fixed.
Please read my blog post (
http://...
) for more information.
Kind Regards,
Hartog C. de Mik
--
-.-. --- ..-. ..-. . . .- -.. -.. .. -.-. -
Nobuyoshi Nakada
3/9/2009 9:46:00 AM
0
Hi,
At Sun, 8 Mar 2009 01:39:32 +0900,
Hartog C. de Mik wrote in [ruby-talk:330604]:
> Please read my blog post (
http://...
) for more information.
>
http://www.coffeeaddict.nl/blog/200...
> I patched my version of gost.rb to use the key preparation I
> found in the C# version of bouncycastle.org. Where the
> original code has become:
>
> # derive the 32-byte key from the user-supplied key
> if (userKey.length < 32)
> userKey.length.upto(31) { userKey = userKey << "0" }
> end
>
> # make the 8 sub keys
> @key = []
> for i in (0..7)
> @key[i] = bytesToInt(userKey,i*4);
> end
It can be done more concisely.
@key = userKey[0...32].ljust(32, "\0").unpack("V*")
--
Nobu Nakada
Servizio di avviso nuovi messaggi
Ricevi direttamente nella tua mail i nuovi messaggi per
Flaw in ruby-crypt's GOST implementation
Inserendo la tua e-mail nella casella sotto, riceverai un avviso tramite posta elettronica ogni volta che il motore di ricerca troverà un nuovo messaggio per te
Il servizio è completamente GRATUITO!
x
Login to ForumsZone
Login with Google
Login with E-Mail & Password