Menu
▾
▴
Re: [Jpwsafe-devel] SHA-1 question
|
From: ronys <ro...@us...> - 2009-02-02 07:45:25
|
Hi, Regarding SHA-1, this is part of the old V1.x format implementation I inherited when I took over the PasswordSafe project, way back when... The implementation did have a couple of subtle bugs, and what you found may be one of them - I couldn't find direct mention of it, though. In any case, this is a bit moot, given that the current format uses Twofish and SHA-256. Cheers, Rony > > > Message: 7 > Date: Sun, 1 Feb 2009 08:30:13 -0500 > From: Michael Tiller <mic...@gm...> > Subject: [Jpwsafe-devel] Help: Nearly there... > To: jpw...@li... > Message-ID: > <3d8...@ma...> > Content-Type: text/plain; charset="iso-8859-1" > > I set out to get rid of dependencies on BlowfishJ. I've actually managed to > do this successfully for CBC and ECB modes. All that is left is SHA-1. > Easy, right? Well, harder than I thought. > > "How hard could it be?" I thought. Well, the problem isn't in the SHA1, it > is in the "chaining" of SHA1s. Specifically, BlowfishJ's implementation > contains a "clear" method which is definitely different from Bouncy Castles > "reset" (or any other method that BC provides). > > Now it seems like we've been down this road before. Searching around, I > found this: > > http://jpws.sourceforge.net/pwslib/api/org/jpws/pwslib/crypto/SHA1.html > > So it looks like Pws used to have a native implementation (with exactly the > function I need based on that documentation). So what happened to that > implementation? Were there licensing issues with it or something? If not, > is there any reason to not bring it back?!? > > I never would have guessed while wading through all that CBC/EBC/endianness > stuff with Blowfish that something as seemingly standard as SHA-1 would > prove to be a hang up. > > Hopefully somebody here can fill me in. This is literally the last dangling > dependency on BlowfishJ. > > P.S. - The point of using Bouncy Castle is to move to something where a > lightweight implementation is available thereby enabling J2ME/mobile > platforms. > > -- > Mike > - -- Ubi dubium, ibi libertas (where there is doubt, there is freedom) |
