[Info-vax] What to do with my VAX.....
Arne Vajhøj
arne at vajhoej.dk
Sat Nov 21 08:23:00 EST 2020
On 11/21/2020 4:19 AM, seasoned_geek wrote:
> On Friday, November 20, 2020 at 7:37:28 PM UTC-6, Arne Vajhøj wrote:
>> On 11/20/2020 8:23 PM, seasoned_geek wrote:
>>> On Friday, November 20, 2020 at 7:10:37 PM UTC-6, Arne Vajhøj
>>> wrote:
>>>> On 11/20/2020 7:59 PM, Arne Vajhøj wrote:
>>>>> On 11/20/2020 9:46 AM, seasoned_geek wrote:
>>>> $ mcr ssl1$exe:openssl enc -aes-256-cbc -k
>>>> MySuperSecretPassPhrase -P -md sha1
>>>>
>>>> on your favorite OS a few times.
>>>>
>>>> I got:
>>>>
>>>> iv =0E38C5B4A04DAD98965D95161268ECDB iv
>>>> =51D9A670DEB1BF1E56745D28A6441A3C iv
>>>> =26E6C8F59628C12A7A4EBFC3BF340727 iv
>>>> =E4609B2D4AFD0B8190101A87F8CA83DB iv
>>>> =9350E05D92C0915B229048B251E3C663
>>>>
>>>> They look quite different to me.
>>
>>> And once again, arne, knowing less than nothing about what was
>>> asked chooses to try to spin something into his microscopic
>>> universe. I had SALT in all upper case because that is what was
>>> asked about.
>> AES (and other block cipher symmetric encryption) only use key and
>> iv (not using iv in ECB mode, but nobody should use ECB mode). No
>> salt. Or SALT (which is usually considered an abbreviation for some
>> USA-USSR treaties a long time ago).
>>
>> So if you want to attempt your tabulation trick, then you need to
>> deal with key and iv.
>>
>> And iv changes more than last 5 as demonstrated above.
>>
>> So your tabulation trick does not work.
> The problem was noticed on Ubuntu 18.04 LTS. It might still exist in
> 20.04 LTS because I haven't read about any fixes for it per-se.
That should be pretty easy to check - just give us the CVE and
we can see when it was fixed.
Arne
More information about the Info-vax
mailing list