On 05/07/12 20:00, [email protected] wrote:
> Source: aircrack-ng
> Version: 1:1.1-3
> Severity: important
> 
> Hi,
> 
> aircrack-ng currently fails to build from source on most
> architectures:
> https://buildd.debian.org/status/package.php?p=aircrack-ng
> 
> If nobody plans to fix the actual problem soon,
> I suggest building the package for i386 and amd64 only.
> 
> I'd rather see Wheezy shipped with aircrack-ng built for these
> architectures (where it's the most likely to be used) only for none
> at all.
> 
> Thanks for maintaining aircrack-ng in Debian!
> 
> 
> 

Hello,


The problem is related to the GnuTLS/gcrypt patch (See #642934) . This
patch broke the function calc_pmk() on crypto.c

However, on x86/AMD64 this function is not used because there is a SSE2
optimized version that is used instead (calc_4pmk() on sha1-sse2.h). So
this bug is completely unnoticed until you test aircrack-ng on a
non-sse2 machine.


I am already aware of this and I have a new version of the patch that
fixes this issue... However it turns out that GnuTLS/gcrypt is terribly
slow when compared with OpenSSL doing sha1 calculations. The previous
benchmarks that I did were completely wrong because I did it on a AMD64
machine, and therefore aircrack-ng was using the SSE2 optimized
calc_4pmk() function instead of calc_pmk().


So I have been researching about the fastest sha1 implementations, and I
ported the calc_pmk() function to 5 different sha1 implementations:


Number of wpa keys tested per second (on a Nokia N9 (armel)):
-------------------------------------------------------------

Sha1 code from OpenSSL (original one):                      163.76 k/s
Sha1 code from Gcrypt (GnuTLS) :                             23.02 k/s
Sha1 code from GNUlib (sha1sum from coreutils) :            146.08 k/s
Sha1 code from wpa_supplicant (1.0) :                        73.81 k/s
Sha1 code from Beecrypt :                                   116.85 k/s
Sha1 code from git :                                        162.33 k/s


It turns out that the fastest sha1 implementation (after OpenSSL) is the
git one. So for the time being, I think I am going to borrow the sha1
code from git and use it wherever possible instead of the GnuTLS/gcrypt
sha1 functions.


I want also to build a small testcase to automatic test all functions of
crypto.c to ensure that everything behave exactly in the same way with
OpenSSL than with this patch (GnuTLS/sha1-git) to prevent more issues
related to this on the future.


I don't think that the current version (1:1.1-3) should go into Wheezy
because of this issues. Perhaps (1:1.1-4) if the release team give an
exception could be the only chance of having aircrack-ng on Wheezy.


Will be working on this... thanks for reporting the issue!


Best regards!

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carlos Alberto Lopez Perez                           http://neutrino.es
Igalia - Free Software Engineering                http://www.igalia.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to