David Erosa García wrote:
> Hello all. 
>
> I tried the openssl-users list but I think this may be a question for
> the devel list:
>
> I'm doing my "homework" about openssl, but *this question has nothing to
> do with it*. It's just a doubt that arose while doing it.
>
> There is one exercise with the following text: 
>
> -------- 
> Con el comando “openssl enc” y la siguiente clave AES: 
> 188458A6D15034DFE386F23B61D43774 se puede descifrar cierta información. 
> Podrías decir cual? 
> -------- 
> Using the command "openssl enc" and the following AES key:
> 188458A6D15034DFE386F23B61D43774 you can decode some information, could 
> you say what? 
>
> I started playing with "openssl enc" and I thought the only thing I 
> could "guess" was the salt (Surely I'm wrong). 
>
> So I ran the command with a random IV: 
> openssl enc -aes128 -K 188458A6D15034DFE386F23B61D43774 -iv 1 -P 
>
> I found that the salt varies as it should on two machines with 32 bit 
> CPU (not my main one): 
>
> Office's computer (openssl 0.9.8g-4ubuntu2): 
> salt=4075DFB76496F2B7 
> salt=4045D8B76466EBB7 
> salt=40C5DAB764E6EDB7 
> salt=4015DEB76436F1B7 
> salt=4025DFB76446F2B7 
>
> A server I have somewhere else (openssl 0.9.8c-4etch1): 
> salt=50D882BF0C000000 
> salt=B05DD9BF0C000000 
> salt=A0CCC7BF0C000000 
> salt=E0C88BBF0C000000 
> salt=204190BF0C000000 
>
> But when I run it on my main computer, it always outputs the same salt! 
> This machine is a 64bit CPU, running a 64bits linux distribution 
> (openssl 0.9.8g-4ubuntu2): 
>
> salt=0004000000000000 
> salt=0004000000000000 
> salt=0004000000000000 
> salt=0004000000000000 
>
> I've been searching through  the openssl lists and found nothing about
> this behavior. 
>
> What can be happening? Is it about the 64 bit version of openssl? 
>   
No, the actual output may depend on the system but the reason behind it
is found in apps/enc.c:
...
        if (cipher != NULL)
                {
                /* Note that str is NULL if a key was passed on the command
                 * line, so we get no salt in that case. Is this a bug?
                 */
                if (str != NULL)
...

In the case that "str == NULL", the memory containing the "salt" is an
uninitialized part of the stack, so its content is undefined and the
behavior will depend on the system and compiler (options) used.

Best regards,
    Lutz
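
Added example, not part of the original message and not code from apps/enc.c: the pattern described above (salt written only when str != NULL, yet reported either way) next to a variant that tracks whether a salt exists. The function names, the fixed salt bytes and the "stale" fill byte are assumptions for illustration; the fill byte stands in for uninitialized stack content so the program stays well-defined.

```c
#include <stdio.h>
#include <string.h>

#define SALT_LEN 8

/* Constructed stand-in for random salt generation. */
static void fill_salt(unsigned char *salt)
{
    static const unsigned char fixed[SALT_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};
    memcpy(salt, fixed, SALT_LEN);
}

/* Hex-encode the salt into out (needs 2*SALT_LEN+1 bytes). */
static void hex_salt(const unsigned char *salt, char *out)
{
    for (int i = 0; i < SALT_LEN; i++)
        sprintf(out + 2 * i, "%02X", salt[i]);
}

/* Unchecked pattern: the salt is written only when str != NULL, but it is
 * reported either way. 'stale' simulates whatever the stack held before. */
void report_unchecked(const char *str, unsigned char stale, char *out)
{
    unsigned char salt[SALT_LEN];
    memset(salt, stale, SALT_LEN);   /* stands in for uninitialized stack */
    if (str != NULL)
        fill_salt(salt);
    hex_salt(salt, out);
}

/* Checked pattern: track whether a salt exists and report it only then.
 * Returns 1 if out holds a salt, 0 if no salt applies (raw key given). */
int report_checked(const char *str, char *out)
{
    unsigned char salt[SALT_LEN] = {0};
    out[0] = '\0';
    if (str == NULL)
        return 0;
    fill_salt(salt);
    hex_salt(salt, out);
    return 1;
}

int main(void)
{
    char out[2 * SALT_LEN + 1];
    report_unchecked(NULL, 0xAA, out);
    printf("unchecked, raw key: salt=%s\n", out);
    if (!report_checked(NULL, out))
        printf("checked, raw key: no salt\n");
    return 0;
}
```

With a different fill byte the unchecked variant reports a different "salt" for the same key, which mirrors the per-machine differences in the output quoted above.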

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
