MD5 is broken (Cryptography)

MD5 is broken (Cryptography)

CdAB63
MD5 (non primitive and with primitive) is broken because it relies on the conversion of Character to SmallInteger so the method shiftBits:

Problem happens at ThirtyTwoBitRegister>>reverseLoadFrom:at:

which is called from MD5NonPrimitive>>processBuffer:

Error is: Instance of Character did not understand #bitShift and happened at:

reverseLoadFrom: aByteArray at: index
    "Load my 32-bit value from the four bytes of the given ByteArray
starting at the given index. Consider the first byte to contain the most
significant bits of the word (i.e., use big-endian byte ordering)."

    hi := ((aByteArray at: index + 3) bitShift: 8) + ( aByteArray at: index + 2).
    low := ((aByteArray at: index + 1) bitShift: 8) + ( aByteArray at: index).

--
The information contained in this message is confidential and
intended to the recipients specified in the headers. If you received
this message by error, notify the sender immediately. The
unauthorized use, disclosure, copy or alteration of this message
are strictly forbidden and subjected to civil and criminal sanctions.



Re: MD5 is broken (Cryptography)

Nicolas Cellier


Thanks for reporting. Obviously, the code expects a ByteArray, not a String, so there is some contract broken.

Could you remind me where to find/load which package?
 

Re: MD5 is broken (Cryptography)

CdAB63
From MonticelloBrowser: http://www.squeaksource.com/Cryptography package Cryptography


Re: MD5 is broken (Cryptography)

Nicolas Cellier
OK, so which MC version exactly, which image, which VM, which OS, and what step to reproduce? Is it from SqueakMap? a ConfigurationOfCryptography?

If I load in up-to-date trunk spur 32 bits image, for example Cryptography-rww.55 (because it has reasonable log message),
then test this snippet:

    MD5NonPrimitive hashStream: 'foobar' readStream.

I get a ByteArray answer without failure:

    #[56 88 246 34 48 172 60 145 95 48 12 102 67 18 198 63]

same for
    MD5 new hashMessage: 'foo'

same with latest Cryptography-rww.71...





Re: MD5 is broken (Cryptography)

CdAB63
I loaded it in Squeak 6.0 (trunk), Pharo 6.0 (32), Squeak 5.1 all in one, Pharo 5 all in one... All the last versions. Not from ConfigurationOfCryptography (which does not exist in the repository) but http://www.squeaksource.com/Cryptography package is Cryptography-rww.71.mcz but same error is present in Cryptography-acp.70.mcz and older ones. Assume it worked in Squeak 3.9 & 4 (because I used it at that point with no problems). To reproduce the error just do:

    md5hash := MD5 new.
    md5hash initializeState.
    md5hash processBuffer: 'Casimiro de Almeida Barreto'.
    hc := sha256hash finalHash.

and you'll get the corresponding error & debug needed.

It is not an urgent problem (since nobody is using MD5 anymore) but I just recovered old code that used it and the error appeared. I'm using SHA256 instead and it runs OK. But it is bad to have broken code in the repository.

Best regards,

Casimiro


Re: MD5 is broken (Cryptography)

Levente Uzonyi
On Thu, 8 Jun 2017, casimiro barreto wrote:

> I loaded it in Squeak 6.0 (trunk), Pharo 6.0 (32), Squeak 5.1 all in one, Pharo 5 all in one... All the last versions. Not from ConfigurationOfCryptography (which does not exist in the
> repository) but http://www.squeaksource.com/Cryptography package is Cryptography-rww.71.mcz but same error is present in Cryptography-acp.70.mcz and olders. Assume it worked in squeak 3.9 &
> 4 (because I used it at that point with no problems). To reproduce the error just do:
>
> md5hash := MD5 new.
> md5hash initializeState.
> md5hash processBuffer: 'Casimiro de Almeida Barreto'.

#processBuffer: is a private method, which expects a ByteArray of size 64.
A ByteString, or a smaller collection should not and will not work.
The following is expected to produce the correct output:

(MD5 hashMessage: 'Casimiro de Almeida Barreto') hex

In recent images, there's WebUtils, which uses a different MD5
implementation:

WebUtils md5Digest: 'Casimiro de Almeida Barreto'

It uses a plugin shipped with the released VMs, so it's at least 10x
faster.

Levente


Re: MD5 is broken (Cryptography)

CdAB63
WebUtils not in latest Pharo... I guess it does not exist since Pharo 5 because it was discussed in this thread: http://forum.world.st/Parsing-SQL-in-a-Pharo-system-td4781777.html
