alpine 3.6 crypto weakness #54

Weakness Breakdown

Definition:

This weakness involves creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly found to be unsafe later, once they have been broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 crypto weakness.

```c
}

void encrypt(char *block, int flag)
{
    my_u_int32_t io[2];
    my_u_char_t *p;
    int i, j;

    des_init();

    setup_salt(0L);
    p = (my_u_char_t *)block;
    for (i = 0; i < 2; i++) {
        io[i] = 0L;
        for (j = 0; j < 32; j++)
            if (*p++ & 1)
                io[i] |= bits32[j];
    }
    do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
    for (i = 0; i < 2; i++)
        for (j = 0; j < 32; j++)
            block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
}

char *crypt(const char *key, const char *setting)
{
    my_u_int32_t count, salt, l, r0, r1, keybuf[2];
    my_u_char_t *p, *q;
    static char output[21];

    des_init();

    /*
     * Copy the key, shifting each character up by one bit
     */
    q = (my_u_char_t *) keybuf;
    while (q - (my_u_char_t *) keybuf - 8) {
        *q++ = *key << 1;
        if (*(q - 1))
            key++;
    }
    if (des_setkey((char *)keybuf))
        return (NULL);

#if 0
```