Re: preventing sequence number guessing

der Mouse (mouse@Collatz.McRCIM.McGill.EDU)
Mon, 30 Jan 1995 07:04:39 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Paul Robinson: "Re: preventing sequence number guessing"
Previous message: Jon Peatfield: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Maybe in reply to: David A. Wagner: "preventing sequence number guessing"
Next in thread: der Mouse: "Re: preventing sequence number guessing"

>> I *heard* that there was one bug in the MD5 code printed in the RFC,
>> but I've never tried it myself.
> Someone want to check this?

I dunno...but I wrote an implementation de novo, strictly to the text
spec, and when I tested it with the half-dozen sample strings in the
RFC it checked out fine.  (I did this because I was not willing to
tolerate the copyright on the code in the RFC.)

Not that that necessarily proves anything, of course.  I didn't compile
the code from the RFC and test it to see whether it produced those same
test hashes...though I would assume the code they print is the code
they used to generate that test.

(Actually, there is one minor bug: the compile-time defaulting of which
of the MD2/MD3/MD4/MD5 variants is used, in the driver program, is
buggy.  As I recall, it's something like doing "#define MD MD5"
(instead of the correct "#define MD 5") when MD is not defined.)

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu

Next message: Paul Robinson: "Re: preventing sequence number guessing"
Previous message: Jon Peatfield: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Maybe in reply to: David A. Wagner: "preventing sequence number guessing"
Next in thread: der Mouse: "Re: preventing sequence number guessing"