Fedora 25
Crypto Weakness #4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly found to be unsafe later, once they have been broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

bitlbee-3.5.1/lib/arc.h

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 crypto weakness.

*  but WITHOUT ANY WARRANTY; without even the implied warranty of           *
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            *
*  GNU General Public License for more details.                             *
*                                                                           *
*  You should have received a copy of the GNU General Public License along  *
*  with this program; if not, write to the Free Software Foundation, Inc.,  *
*  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.              *
*                                                                           *
\***************************************************************************/


/* See arc.c for more information. */

struct arc_state {
	unsigned char S[256];
	unsigned char i, j;
};

#ifndef G_GNUC_MALLOC
#define G_GNUC_MALLOC
#endif

G_GNUC_MALLOC struct arc_state *arc_keymaker(unsigned char *key, int kl, int cycles);
unsigned char arc_getbyte(struct arc_state *st);
int arc_encode(char *clear, int clear_len, unsigned char **crypt, char *password, int pad_to);
int arc_decode(unsigned char *crypt, int crypt_len, char **clear, const char *password); 
