Hi all,
On Sat, Jun 16, 2012 at 03:39:35PM +0200, Pierre Joye wrote:
> Adding Alex to the loop as his insight will be invaluable in this thread.
Thank you for the chance to comment, and sorry that I did not do so yet.
I am busy with lots of other stuff. I'd appreciate it if you don't
hurry to im
On Wed, Jun 27, 2012 at 07:51:38AM -0400, Anthony Ferrara wrote:
>
> > Note: _if_ you ask for a portable hash. What else should it do if you
> > ask it for just that?
>
> That's a fair point. I guess since the adoption of 5.3, and the fact
> that 5.2 is dead (let alone php4), has me thinking tha
Hi,
Attached is a quick patch for PHP 5.2.5 that replaces RSA's copyrighted
implementation of MD5 with my public domain one:
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/popa3d/popa3d/md5/
This also results in faster and slightly smaller code (both source and
binary). On a Pe
On Sun, Dec 09, 2007 at 12:53:56PM +0100, Peter Brodersen wrote:
> A bit on a side note regarding the php function md5(): In general it
> is possible to supply an arbitrary number of bits as input to MD5.
> However, the implementation of md5() only takes a string with octets as
> the smallest fragme
A few days ago, I wrote:
> Attached is a quick patch for PHP 5.2.5 that replaces RSA's copyrighted
> implementation of MD5 with my public domain one:
>
>
> http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/popa3d/popa3d/md5/
>
> This also results in faster and slightly smaller code (
he modified files:
>| Copyright (c) 1997-2008 The PHP Group|
...
>| Author: Solar Designer|
So you claim copyright to a modified version of my code, that I had
placed in the public domain. This is fine by me.
I do not formally require it (in
Hi Steph,
On Wed, Feb 06, 2008 at 12:18:37AM -, Steph Fox wrote:
> Stupid question maybe, but why can't you use your given name for this?
I can, and I don't mind you replacing all occurrences of "Solar
Designer" with "Alexander Peslyak" in these two files
tible implementation of the RSA Data Security,
> * * Inc. MD5 Message-Digest Algorithm (RFC 1321).
> **
> * * Written by Solar Designer in 2001, and placed
> * * in the public domain. There's absolutely no warranty.
> * *
> ** This
A followup on my own posting:
> ...and except for adding a note that I'm not the only author (not of the
> modified code). That's fine, if it's your preference, I don't care much
> either way.
Actually, I am also not the author of some of the code that you're
leaving intact in PHP's md5.c - that
On Thu, Feb 07, 2008 at 01:11:38PM +0300, Dmitry Stogov wrote:
> However new version breaks ext/hash md4. (ext/hash/tests/md4.phpt is
> broken).
Oh, I am able to reproduce this with my original patch:
PASS hmac-md5 algorithm [ext/hash/tests/hmac-md5.phpt]
PASS md2 algorithm [ext/hash/tests/md2.
I wrote:
> Oh, I am able to reproduce this with my original patch:
>
> PASS hmac-md5 algorithm [ext/hash/tests/hmac-md5.phpt]
> PASS md2 algorithm [ext/hash/tests/md2.phpt]
> FAIL md4 algorithm [ext/hash/tests/md4.phpt]
> PASS md5 algorithm [ext/hash/tests/md5.phpt]
> PASS ripemd128 algorithm
I wrote:
> OK, I think I found it. ext/hash/php_hash_md.h has this:
>
> #define PHP_MD4Init PHP_MD5Init
>
> which breaks when the two implementations are not that similar anymore.
> Replacing the MD4 implementation with mine as well would fix this (or
> hide the bug, dependin
On Thu, Feb 07, 2008 at 07:38:08PM +0300, Dmitry Stogov wrote:
> According to algorithm "used" and "free" in PHP_MD5Final cannot be more
> than 64, so I don't see any reason for unnecessary conversions. Looking
> more carefully I think they must be changed into php_uint32 in
> PHP_MD5Update too.
Hi Pierre,
On Thu, Feb 07, 2008 at 03:00:55PM +0100, Pierre Joye wrote:
> Nice addition but can you please try to keep on thread for the
> discussions? Thanks :-)
Are you referring to the changing Subject? If so, I prefer Subjects
that reflect message content, whereas threading can, should, and
On Thu, Feb 07, 2008 at 04:21:15PM +0300, Dmitry Stogov wrote:
> I assume now the patch is ready to commit.
> I'll commit it tomorrow in case of no objections.
Yes, it is. No objections from me.
Just two minor points:
1. You have not yet fixed the size_t vs. php_uint32 issue in
PHP_MD5Final(),
Hi,
First of all, thank you for getting this functionality into PHP proper.
It appears that the file was very slightly out of date. crypt_blowfish
1.0.2 additionally made this change:
-#elif defined(__alpha__) || defined(__hppa__)
+#elif defined(__x86_64__) || defined(__alpha__) || defined(__hp
On Sun, Jun 07, 2009 at 11:06:45PM +0200, Pierre Joye wrote:
> Thanks for your work, I'm the one who merged your implementation to PHP
> (we had a discussion about it btw, per email if you remember :).
Yes, I recalled that, and this is why I CC'ed you on my posting.
> Thanks for the review and the
On Mon, Jun 08, 2009 at 08:22:15PM +0200, Pierre Joye wrote:
> Sadly I do not have the time yet to fix the behavior (remove the
> workaround/BC hack or the on error behavior). If you like to (or have
> the time to :), you can give it a try, that will be very helpful. Or I
> can work on that next we
@@ -1,6 +1,8 @@
PHPNEWS
|||
?? ??? , PHP 5.3.7
+- Improved core functions:
+ . Updated crypt_blowfish to 1.2. (Solar Designer)
14 Jul 2011, PHP 5.3.7 RC3
- Zen
On Sun, Jul 17, 2011 at 04:29:15PM -0600, Joey Smith wrote:
> On Sun, Jul 17, 2011 at 10:26:16PM +0400, Solar Designer wrote:
> > + * For actual implementation, we set an array index in the variable "bug"
> > + * (0 means no bug, 1 means sign extension bug emu
Hi,
On Mon, Jul 18, 2011 at 11:27:32PM +0200, Pierre Joye wrote:
> Thanks for the patches, applied to all active branches.
Thank you!
> About the tests, it would be very good to have them ported as phpt. As
> far as I remember I did that back then when I first ported it to php.
No, your tests a
Hi,
These tests fail in trunk on my x86_64 build:
crypt_sha256.phpt
crypt_variation1.phpt
The differences are like this:
Expected: <$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5>
Got <$5$saltst$JTS/fkywz8NvjeCGmWDndJPi7ZrRFhQKBLNtQZWE2C3>
That is, the salts are truncated. Th
On Wed, Jul 20, 2011 at 06:21:16PM -0700, Stas Malyshev wrote:
> On 7/19/11 4:44 PM, Solar Designer wrote:
> >Expected:<$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5>
> >Got<$5$saltst$JTS/fkywz8NvjeCGmWDndJPi7ZrRFhQKBLNtQZWE2C3>
[...]
> Yes, we had buffer
Hi,
Please apply the patches from:
http://news.php.net/php.internals/54098
at least the crypt.c bugfix is a must to apply before releasing 5.3.7
and 5.4.0.
On Wed, Jul 20, 2011 at 03:37:14AM +0400, Solar Designer wrote:
...
> Anyway, attached are patches adding the tests from crypt_blowf
Pierre,
Thanks for the prompt response.
On Sun, Jul 31, 2011 at 12:12:48PM +0200, Pierre Joye wrote:
> On Sun, Jul 31, 2011 at 10:31 AM, Solar Designer wrote:
> > http://news.php.net/php.internals/54098
> >
> > at least the crypt.c bugfix is a must to apply before releasin
On Sun, Jul 31, 2011 at 08:56:30PM +0200, Pierre Joye wrote:
> It looks like your original patch did not change anything in crypt.c
That's correct. I overlooked the need to modify crypt.c initially.
I only got to that when adding the extra tests, at which time I also
found the incorrect check in
Hi Stas, Pierre -
On Sun, Jul 31, 2011 at 02:43:12PM -0700, Stas Malyshev wrote:
> On 7/19/11 4:44 PM, Solar Designer wrote:
> >That is, the salts are truncated. There's a relevant recent change in
> >crypt.c involving the line:
> >
> > salt_in_len = M
On Mon, Aug 01, 2011 at 02:33:27AM +0400, Solar Designer wrote:
> On Sun, Jul 31, 2011 at 02:43:12PM -0700, Stas Malyshev wrote:
> > The change that introduced this problem is:
> > http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/crypt_sha256.c?r1=300427&r2=3
On Mon, Aug 01, 2011 at 02:54:29AM +0400, Solar Designer wrote:
> On Mon, Aug 01, 2011 at 02:33:27AM +0400, Solar Designer wrote:
> > On Sun, Jul 31, 2011 at 02:43:12PM -0700, Stas Malyshev wrote:
> > > The change that introduced this problem is:
> > > http://svn
On Mon, Aug 22, 2011 at 03:19:53PM +0200, Ferenc Kovacs wrote:
> we expected this imo.
> http://www.mail-archive.com/internals@lists.php.net/msg51683.html
> http://www.mail-archive.com/internals@lists.php.net/msg51687.html
Definitely.
> On Mon, Aug 22, 2011 at 3:05 PM, Pierre Joye wrote:
> > it
On Mon, Aug 22, 2011 at 04:01:46PM +0200, Pierre Joye wrote:
> On Mon, Aug 22, 2011 at 3:52 PM, Solar Designer wrote:
> >> On Mon, Aug 22, 2011 at 3:05 PM, Pierre Joye wrote:
> >> > it seems that the changes break BC too, pls see
> >> > https://bugs.php
On Tue, Aug 23, 2011 at 11:31:02AM +0200, Hannes Magnusson wrote:
> Added to http://php.net/security/crypt, and added a link from the
> release announcement and changelog.
> (should show up in an hour or two).
Thanks. I suggest the following three changes:
1. Change the title from "crypt() secur
On Mon, Jan 11, 2016 at 10:04:36AM -0500, Anthony Ferrara wrote:
> To my understanding, the crypt scheme hasn't been formalized. Solar
> Designer, can you confirm?
I think it has been, in the way defined by encoding.c in:
https://github.com/P-H-C/phc-winner-argon2
$ echo password
Hi,
This commit:
commit 03315d9625dc87515f1dfbf1cc7d53c4451b5ec9
Author: Pierre Joye
Date: Mon Jul 18 21:26:29 2011 +
- update blowfish to 1.2 (Solar Designer)
documented this hack:
$ git show 03315d9625dc87515f1dfbf1cc7d53c4451b5ec9 | fgrep -i hack
+ if (tmp == '$
Hi Pierre,
On Mon, Mar 28, 2016 at 02:22:13PM +0700, Pierre Joye wrote:
> On Sun, Mar 27, 2016 at 10:16 PM, Solar Designer wrote:
> > $ git show 03315d9625dc87515f1dfbf1cc7d53c4451b5ec9 | fgrep -i hack
> > + if (tmp == '$') break; /* PHP hack */ \
> > +
Hi,
It is well-known that it is impossible to map e.g. a 32-bit random
number with a uniform distribution over its full range of values onto a
range with fewer different values while maintaining a uniform
distribution, except when the target range contains a whole power of 2
number of different va
On Wed, Aug 16, 2017 at 10:06:02PM +0200, Nikita Popov wrote:
> I'd suggest to split the 32-bit and 64-bit code codepaths entirely, as the
> interleaved #ifs are somewhat hard to follow. Something like
> https://gist.github.com/nikic/64e7ec58ebb6121d350fb80927a65082 (not
> thoroughly tested).
This
On Wed, Aug 16, 2017 at 11:41:55PM +0200, Solar Designer wrote:
> On Wed, Aug 16, 2017 at 10:06:02PM +0200, Nikita Popov wrote:
> > I'd suggest to split the 32-bit and 64-bit code codepaths entirely, as the
> > interleaved #ifs are somewhat hard to follow. Some
On Thu, Aug 17, 2017 at 12:57:56AM +0200, Nikita Popov wrote:
> On Thu, Aug 17, 2017 at 12:02 AM, Solar Designer wrote:
> > One difference I didn't notice at first: the currently committed code
> > does only one php_mt_rand() call per loop iteration when it's skipping
>
On Thu, Aug 17, 2017 at 03:18:30PM +0200, Solar Designer wrote:
> On Thu, Aug 17, 2017 at 12:57:56AM +0200, Nikita Popov wrote:
> > On Thu, Aug 17, 2017 at 12:02 AM, Solar Designer wrote:
> > > One difference I didn't notice at first: the currently committed code
> >
On Thu, Sep 07, 2017 at 08:23:22PM +0200, Nikita Popov wrote:
> Sorry for the long delay. I've just applied
> https://github.com/php/php-src/commit/fd07302024bc47082b13b32217147fd39d1e9e61
> to the 7.2 branch.
Thank you!
Maybe you'd add similar tests for 64-bit ranges? Right now,
rand_range64()'
On Fri, Sep 08, 2017 at 07:56:23AM -0400, Tom Worster wrote:
> From: Nikita Popov
> >
> >Sorry for the long delay. I've just applied
> >https://github.com/php/php-src/commit/fd07302024bc47082b13b32217147fd39d1e9e61
> >to the 7.2 branch.
> >
> >Davey, Joe, do we want to take action here for 7.1? It
42 matches