Date: Thu, 05 Jan 2006 15:52:23 +0000 From: Ben Laurie <ben@algroup.co.uk> To: apeiron+ports@coitusmentis.info, FreeBSD Security Team <secteam@freebsd.org>, ports@freebsd.org Cc: Ben Laurie <ben.laurie@thebunker.net> Subject: Digest::SHA256 produces the wrong digest Message-ID: <43BD40B7.9070905@algroup.co.uk>
next in thread | raw e-mail | index | archive | help
$ apps/openssl dgst -sha256 test9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 $ perl -e "use Digest::SHA256; print Digest::SHA256::new(256)->hexhash('test');" d0933eee ad930c56 5827f6aa 5887f852 2140f90d cf9fa07e 40fd7abf 27992307 This is using version 0.01b of p5-Digest-SHA256. It is not clear what the security impact of this bug is, but it is potentially serious, depending on the nature of the bug, so I've copied in the security team. Can I suggest that ports implementing cryptographic functions should not be released without at least checking some test vectors? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43BD40B7.9070905>