Just a quick note on a change of the seeding function for bcd32. It
accept a 128bit seed now in order to set the initial state of a,b,c,d
and t. This way for example a 128bit hash can be used for seeding.
The seed function include a check that a and b never be set to zero.

The modified source code for keystream generation is available here

http://www.freecx.co.uk/bcd32/bcd32_keystream.c

http://paste.debian.net/928753/


Additionally I like to ask if someone has any idea on how to predict the
output of bcd32 without knowing the 128bit seed nor the internal state?




--
cHNiMUBACG0HAAAAAAAAAAAAAABIZVbDdKVM0w1kM9vxQHw+bkLxsY/Z0czY0uv8/Ks6WULxJVua zjvpoYvtEwDVhP7RGTCBVlzZ+VBWPHg5rqmKWvtzsuVmMSDxAIS6Db6YhtzT+RStzoG9ForBcG8k G97Q3Jml/aBun8Kyf+XOBHpl5gNW4YqhiM0=

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 22.04.17 12:10, Karl.Frank wrote:

http://www.freecx.co.uk/bcd32/bcd32_keystream.c

http://paste.debian.net/928753/

The source code published recently does produce a wrong test vector with
a key shorter than 128bit. This is because the function that convert the
given hex string into 4 x 32bit unsigned integers will simply read over
the bounds if there are less than 128bit and fill up the variables with "imaginary" values. I suppose that's one of the reasons why so many
programs written in C are prone to buffer overflow attacks.

The function in question is

for (int i=0; i<4; i++) {
strncpy(hexKey, argv[1]+(i*8), 8);
seed[i] = (int)strtoul(hexKey, NULL, 16);
}

I have changed the hex string conversion into 32bit unsigned integers accordingly. Now all available hex characters are stored in a 8bit array
first and then converted into 32bit unsigned integers in order to seed
the internal state.

Additionally I have included the test vectors as hex output as they
should appear on a big endian machine.

The updated source code is available here

http://www.freecx.co.uk/bcd32/bcd32_keystream.c

http://paste.debian.net/930128


Any comment on the error as well as on the endianess output is welcome.


--
cHNiMUBACG0HAAAAAAAAAAAAAABIZVbDdKVM0w1kM9vxQHw+bkLxsY/Z0czY0uv8/Ks6WULxJVua zjvpoYvtEwDVhP7RGTCBVlzZ+VBWPHg5rqmKWvtzsuVmMSDxAIS6Db6YhtzT+RStzoG9ForBcG8k G97Q3Jml/aBun8Kyf+XOBHpl5gNW4YqhiM0=

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 22.04.17 12:10, Karl.Frank wrote:

Just a quick note on a change of the seeding function for bcd32. It
accept a 128bit seed now in order to set the initial state of a,b,c,d
and t. This way for example a 128bit hash can be used for seeding.
The seed function include a check that a and b never be set to zero.

The modified source code for keystream generation is available here

http://www.freecx.co.uk/bcd32/bcd32_keystream.c

http://paste.debian.net/928753/

Additionally I like to ask if someone has any idea on how to predict the output of bcd32 without knowing the 128bit seed nor the internal state?

Well, for a start this is a possible way:

We capture two or more consecutive output values, seed the PRNG with
arbitrary values and observe the output and all internal values until at
least two identical consecutive output values were found. At this moment
we know the complete internal state and can calculate all future states. Additionally we might revert the PRNG and get hands on the seed.

But this is a very expensive approach. Is anyone aware of a more
effective and faster method?


--
cHNiMUBACG0HAAAAAAAAAAAAAABIZVbDdKVM0w1kM9vxQHw+bkLxsY/Z0czY0uv8/Ks6WULxJVua zjvpoYvtEwDVhP7RGTCBVlzZ+VBWPHg5rqmKWvtzsuVmMSDxAIS6Db6YhtzT+RStzoG9ForBcG8k G97Q3Jml/aBun8Kyf+XOBHpl5gNW4YqhiM0=

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 22.04.17 12:10, Karl.Frank wrote:

Just a quick note on a change of the seeding function for bcd32. It
accept a 128bit seed now in order to set the initial state of a,b,c,d
and t. This way for example a 128bit hash can be used for seeding.
The seed function include a check that a and b never be set to zero.

The modified source code for keystream generation is available here

http://www.freecx.co.uk/bcd32/bcd32_keystream.c

http://paste.debian.net/928753/

Additionally I like to ask if someone has any idea on how to predict the output of bcd32 without knowing the 128bit seed nor the internal state?

Well, for a start this is a possible way:

We capture two or more consecutive output values, seed the PRNG with
arbitrary values and observe the output and all internal values until at
least two identical consecutive output values were found. At this moment
we know the complete internal state and can calculate all future states. ***rubish removed* ==> Additionally we might revert the PRNG and get
hands on the seed. <== *** Obviously know the seed, of course!

But this is a very expensive approach. Is anyone aware of a more
effective and faster method?

--
cHNiMUBACG0HAAAAAAAAAAAAAABIZVbDdKVM0w1kM9vxQHw+bkLxsY/Z0czY0uv8/Ks6WULxJVua zjvpoYvtEwDVhP7RGTCBVlzZ+VBWPHg5rqmKWvtzsuVmMSDxAIS6Db6YhtzT+RStzoG9ForBcG8k G97Q3Jml/aBun8Kyf+XOBHpl5gNW4YqhiM0=

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)