alpine 3.8
crypto weakness #598


Weakness Breakdown


This weakness involves creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms once considered safe are often later broken and found to be unsafe.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.8 crypto weakness.

class inno_arc4_crypter : public boost::iostreams::multichar_input_filter {
	typedef boost::iostreams::multichar_input_filter base_type;
public:
	typedef base_type::char_type char_type;
	typedef base_type::category category;
	// Initialise the ARC4 (RC4) stream cipher state with the given key.
	inno_arc4_crypter(const char * key, size_t length) {
		arc4.init(key, length);
	}
	// Read up to n bytes from src into dest and run them through ARC4 in place.
	template <typename Source>
	std::streamsize read(Source & src, char * dest, std::streamsize n) {
		std::streamsize length = boost::iostreams::read(src, dest, n);
		if(length != EOF) {
			// Process only the bytes actually read so the keystream stays in sync on short reads.
			arc4.crypt(dest, dest, size_t(length));
		}
		return length;
	}
private:
	crypto::arc4 arc4;
};


} // anonymous namespace

bool chunk::operator<(const chunk & o) const {
	if(first_slice != o.first_slice) {
		return (first_slice < o.first_slice);
	} else if(offset != o.offset) {
		return (offset < o.offset);
	} else if(size != o.size) {
		return (size < o.size);
	} else if(compression != o.compression) {
		return (compression < o.compression);
	}
	// The remaining comparisons are cut off in this excerpt.
	return false;
}
