Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: preventing sequence number guessing

From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Mon, 30 Jan 1995 07:04:39 -0500


I *heard* that there was one bug in the MD5 code printed in the RFC,
but I've never tried it myself.

Someone want to check this?


I dunno...but I wrote an implementation de novo, strictly to the text
spec, and when I tested it with the half-dozen sample strings in the
RFC it checked out fine.  (I did this because I was not willing to
tolerate the copyright on the code in the RFC.)

Not that that necessarily proves anything, of course.  I didn't compile
the code from the RFC and test it to see whether it produced those same
test hashes...though I would assume the code they print is the code
they used to generate that test.

(Actually, there is one minor bug: the compile-time defaulting of which
of the MD2/MD3/MD4/MD5 variants is used, in the driver program, is
buggy.  As I recall, it's something like doing "#define MD MD5"
(instead of the correct "#define MD 5") when MD is not defined.)

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu
Previous By Date Next
Previous By Thread Next

Current thread: