[841] in bugtraq
Re: preventing sequence number guessing
daemon@ATHENA.MIT.EDU (der Mouse)
Mon Jan 30 09:23:55 1995
Date: Mon, 30 Jan 1995 07:04:39 -0500
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
To: tdarcos@access.digex.net
Cc: bugtraq@fc.net

>> I *heard* that there was one bug in the MD5 code printed in the RFC,
>> but I've never tried it myself.

> Someone want to check this?

I dunno...but I wrote an implementation de novo, strictly to the text
spec, and when I tested it with the half-dozen sample strings in the
RFC it checked out fine. (I did this because I was not willing to
tolerate the copyright on the code in the RFC.)

Not that that necessarily proves anything, of course. I didn't compile
the code from the RFC and test it to see whether it produced those same
test hashes...though I would assume the code they print is the code
they used to generate that test.

(Actually, there is one minor bug: the compile-time defaulting of which
of the MD2/MD3/MD4/MD5 variants is used, in the driver program, is
buggy. As I recall, it's something like doing "#define MD MD5"
(instead of the correct "#define MD 5") when MD is not defined.)

der Mouse
mouse@collatz.mcrcim.mcgill.edu