Viewing Single Post From: Secure ?
insecure
Here's that code again, annotated:

Code:
unsigned char pht(unsigned char a, unsigned int b)
{
    long t;
    t = a + b; /* This line is redundant because of the following line */
    t = (2 * a) + (2 * b); /* simpler: t = 2 * (a + b); */
    t = t ^ 0xa9; /* assumes you don't care about high bits of big chars */
    t = t ^ a;
    return t;
}


0xA9 is 11111001 in binary. It's hard to see how this is a useful mask.

Naturally, the doubling will ensure that the low bit of t is clear. XORing this with 1 (which is done by ^ 0xA9) will set it. And XORing it with a again will either clear it (if the low bit of a is set) or set it (if the low bit of a is clear). Thus, the low bit of the result is simply the inverse of the low bit of one of the inputs.

Whether that's exploitable, I don't know. It depends how the function is being used, I guess.


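The low-bit observation in the post above can be checked exhaustively. The following is an added example, not part of the original post: it counts how often the result's low bit equals the low bit of `a`, and goes one step further by measuring which bits of `b` can influence each output bit. It assumes `b` is restricted to 0..255; the helper names are hypothetical.

```c
#include <stdio.h>

/* pht() as posted, with the redundant first assignment dropped. */
static unsigned char pht(unsigned char a, unsigned int b)
{
    long t = (2 * a) + (2 * b);
    t ^= 0xa9;
    t ^= a;
    return (unsigned char)t;
}

/* Number of (a, b) pairs, both in 0..255 (assumed range), whose result
 * has the SAME low bit as a. */
static int low_bit_same_as_a(void)
{
    int same = 0;
    for (unsigned a = 0; a < 256; a++)
        for (unsigned b = 0; b < 256; b++)
            if (((pht((unsigned char)a, b) ^ a) & 1u) == 0)
                same++;
    return same;
}

/* Mask of the bits of b (0..7) that can change output bit `out_bit`
 * for at least one (a, b) pair. Found by flipping one bit of b at a time. */
static unsigned b_bits_affecting(int out_bit)
{
    unsigned mask = 0;
    for (int j = 0; j < 8; j++)
        for (unsigned a = 0; a < 256 && !((mask >> j) & 1u); a++)
            for (unsigned b = 0; b < 256; b++) {
                unsigned d = pht((unsigned char)a, b)
                           ^ pht((unsigned char)a, b ^ (1u << j));
                if ((d >> out_bit) & 1u) { mask |= 1u << j; break; }
            }
    return mask;
}

int main(void)
{
    printf("pairs where result low bit == a low bit: %d of 65536\n",
           low_bit_same_as_a());
    for (int i = 0; i < 8; i++)
        printf("output bit %d is affected by b bits 0x%02x\n",
               i, b_bits_affecting(i));
    return 0;
}
```

Because `b` only enters through the doubling, its bits can reach an output bit only from lower positions: output bit 0 sees none of `b`, and bit 7 of `b` never reaches the returned byte.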