sha1 hash using libgcrypt different from what returns sha1sum
David Shaw
dshaw at jabberwocky.com
Tue Nov 12 20:06:09 CET 2013
On Nov 11, 2013, at 6:44 PM, Yuriy Kaminskiy <yumkam at gmail.com> wrote:
> This u32 counter overflows after processing (2**32)*64 bytes (== 2**38 B == 256
> GiB).
> Actually, as number of bytes in final blocks will be added to [effectively]
> 64-bit variable, those "nblocks wraparound effects" will be visible only with
> files over (2**38)+63 bytes, very peculiar limit.
>
> I strongly believe this is a bug, I have not found any such behavior in standard
> - only limitation for SHA-1 is 2**64 bits (2**61 bytes).
Nice find! This is a problem.
> There are exactly same bug with sha256 and md5 implementations (but, curiously,
> there are *no* similar problem in sha512).
Yes. SHA-512 (and thus SHA-384) are inherently 64-bit. They don't even build unless the compiler supports 64-bit types.
David
More information about the Gnupg-devel
mailing list