[squeak-dev] MD5 is broken (Cryptography)

casimiro barreto casimiro.barreto at gmail.com
Wed Jun 7 20:26:27 UTC 2017 

>From MonticelloBrowser: http://www.squeaksource.com/Cryptography package
Cryptography

2017-06-07 17:14 GMT-03:00 Nicolas Cellier <
nicolas.cellier.aka.nice at gmail.com>:

>
>
> 2017-06-07 21:40 GMT+02:00 casimiro barreto <casimiro.barreto at gmail.com>:
>
>> MD5 (non primitive and with primitive) is broken because it relies on the
>> conversion of Character to SmallInteger so the method shiftBits:
>>
>> Problem happens at ThirthyTwoBitRegister>>reverseLoadFrom:at:
>>
>> which is called from MD5NonPrimitive>>proccessBuffer:
>>
>> Error is: Instance of Character did not understand #bitShift and happened
>> at:
>>
>> reverseLoadFrom: aByteArray at: index
>>     "Load my 32-bit value from the four bytes of the given ByteArray
>> starting at the given index. Consider the first byte to contain the most
>> significant bits of the word (i.e., use big-endian byte ordering)."
>>
>>     hi := ((aByteArray at: index + 3) bitShift: 8) + ( aByteArray at:
>> index + 2).
>>     low := ((aByteArray at: index + 1) bitShift: 8) + ( aByteArray at:
>> index).
>>
>>
> Thanks for reporting. Obviously, the code expects a ByteArray, not a
> String, so there is some contract broken.
>
> Could you remind me where to find/load which package?
>
>
>> --
>> The information contained in this message is confidential and
>> intended to the recipients specified in the headers. If you received
>> this message by error, notify the sender immediately. The
>> unauthorized use, disclosure, copy or alteration of this message
>> are strictly forbidden and subjected to civil and criminal sanctions.
>>
>>
>>
>>
>
>
>
>


-- 
The information contained in this message is confidential and
intended to the recipients specified in the headers. If you received
this message by error, notify the sender immediately. The
unauthorized use, disclosure, copy or alteration of this message
are strictly forbidden and subjected to civil and criminal sanctions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20170607/5a70f56a/attachment.html>

More information about the Squeak-dev mailing list