sha1 hash using libgcrypt different from what returns sha1sum

Filip M. Nowak gnupg at oneiroi.net
Wed Nov 13 22:40:31 CET 2013


Hello,

On 13.11.2013 22:05, Daniel Kahn Gillmor wrote:
> On 11/13/2013 02:00 PM, Werner Koch wrote:
>> On Wed, 13 Nov 2013 15:57, dkg at fifthhorseman.net said:
>>
>>> If you don't mind burning a lot of CPU, it's pretty easy to generate a
>>> test vector from /dev/zero ("pee" is from the moreutils package, but
>>
>> That is not the problem.  The hashing of 256GB takes alone 14 minutes on
>> my box - using the latest optimized code.  Nothing you want to do
>> everytime in a regression suite.
> 
> (...)
> 
> hm, I was just offering reasonable and clearly-understood test vectors
> that are easily available.  I'm not sure non-compressability is a
> characteristic we need care about for a test vectors to avoid a
> regression into this particular bug.


Apologies for non-technical comment in advance...

In case of security-oriented software is quite sane to define software's
capability and limitations and back it by tests. Working with bigger
volumes of data is real use case and in future will be even more
probable. Actually such information could be good add-on to existing FAQ.

	Cheers,
	Filip




More information about the Gnupg-devel mailing list