Bugtraq mailing list archives
Re: preventing sequence number guessing
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Mon, 30 Jan 1995 07:04:39 -0500
I *heard* that there was one bug in the MD5 code printed in the RFC, but I've never tried it myself.Someone want to check this?
I dunno...but I wrote an implementation de novo, strictly to the text spec, and when I tested it with the half-dozen sample strings in the RFC it checked out fine. (I did this because I was not willing to tolerate the copyright on the code in the RFC.) Not that that necessarily proves anything, of course. I didn't compile the code from the RFC and test it to see whether it produced those same test hashes...though I would assume the code they print is the code they used to generate that test. (Actually, there is one minor bug: the compile-time defaulting of which of the MD2/MD3/MD4/MD5 variants is used, in the driver program, is buggy. As I recall, it's something like doing "#define MD MD5" (instead of the correct "#define MD 5") when MD is not defined.) der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Re: preventing sequence number guessing der Mouse (Jan 28)
- Re: preventing sequence number guessing Julian Assange (Jan 29)
- Re: preventing sequence number guessing Paul Robinson (Jan 29)
- <Possible follow-ups>
- Re: preventing sequence number guessing Paul Robinson (Jan 29)
- Re: preventing sequence number guessing der Mouse (Jan 30)