Possible Bug allowing to brute force attack #2195

Closed
DemonRx opened this issue Jan 8, 2017 · 3 comments

DemonRx commented Jan 8, 2017

https://zerobin.net/?1a5c958003e1461c#PsJTz6BWiopY9aDLtl7trk5zVMBIsCw1MP91zZq4xcY=

Please look into the validity of this claim. I did not do the write-up; it was posted through a Slack chat, and I'm providing it here for the devs to investigate. Thank you.

@magicgoose

Just in case the link goes dead, a backup: https://gist.github.com/magicgoose/fd442218cbfc23a7a594192675fc8517

@levitte
Member

levitte commented Jan 9, 2017

This is discussed quite a bit on Reddit as well. There are some responses in that thread that do sum things up pretty well; it makes for a good read.

To sum it up:

  • iteration count 1 isn't the best. "Add support for PBKDF2 for enc command" (#2083) addresses that as well as getting a more modern KDF.
  • the numbers mentioned at the end of the text you linked to are thread IDs and have nothing to do with any randomness at all.
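
Added example (not part of the thread and not OpenSSL's code): a Python comparison of the work behind a single password guess for an `EVP_BytesToKey`-style derivation at iteration count 1 versus PBKDF2, the point of the first bullet above. The function names, passphrase, salt, digest, key/IV sizes and the PBKDF2 iteration count are constructed values chosen for illustration.

```python
import hashlib

def legacy_kdf(password, salt, key_len, iv_len, digest="sha256", count=1):
    """EVP_BytesToKey-style: D_i = H^count(D_{i-1} || password || salt).

    Returns (key, iv, hash_calls)."""
    material, block, calls = b"", b"", 0
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        calls += 1
        for _ in range(count - 1):  # further rounds only when count > 1
            block = hashlib.new(digest, block).digest()
            calls += 1
        material += block
    return material[:key_len], material[key_len:key_len + iv_len], calls

def pbkdf2_kdf(password, salt, key_len, iv_len, digest="sha256", iterations=10_000):
    """PBKDF2-HMAC. Returns (key, iv, hmac_calls)."""
    need = key_len + iv_len
    material = hashlib.pbkdf2_hmac(digest, password, salt, iterations, need)
    blocks = -(-need // hashlib.new(digest).digest_size)  # ceiling division
    return material[:key_len], material[key_len:], blocks * iterations

def work_factor(key_len=32, iv_len=16, iterations=10_000):
    """Primitive calls per password guess for each scheme, and their ratio."""
    pw, salt = b"constructed-passphrase", bytes(range(8))  # constructed sample values
    _, _, legacy_calls = legacy_kdf(pw, salt, key_len, iv_len)
    _, _, pbkdf2_calls = pbkdf2_kdf(pw, salt, key_len, iv_len, iterations=iterations)
    return legacy_calls, pbkdf2_calls, pbkdf2_calls // legacy_calls

if __name__ == "__main__":
    legacy, modern, ratio = work_factor()
    print(f"count=1 derivation: {legacy} hash calls per password guess")
    print(f"PBKDF2 (10000 iterations): {modern} HMAC calls per guess, {ratio}x more")
```

With count 1 the cost of testing a candidate passphrase is a couple of hash calls regardless of the salt; the iteration count is the only knob that raises it.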

@levitte
Member

levitte commented Jan 9, 2017

As far as I can see, the actual issue is addressed. Closing this ticket.

@levitte levitte closed this as completed Jan 9, 2017