Update on Cryptnos Online and iOS 6.x

July 12th, 2013 | Comment?

I wanted to post a quick update regarding the previously reported problem with Cryptnos Online on iOS 6.x devices. After doing some debugging, I’ve narrowed the problem down to the SHA-512 implementation. All of the other hash algorithms seem to be working correctly. It just so happens that a password I needed on my iPod Touch used SHA-512, so it’s a wonder that I stumbled upon it when I did.

Apparently, the problem occurs only on subsequent hash iterations after the first one. In other words, passwords generated on iOS devices that use SHA-512 with only one iteration should be fine, but anything that uses two or more iterations will be off. I would strongly suspect that the problem lies in the routines that convert the input strings into binary are to blame, but the other SHA methods use the same routines and don’t seem to cause any problems.

Unfortunately, I don’t have much else to report on this issue, aside from reassuring our iOS users that if they use any hash algorithms besides SHA-512, they should be OK. If you use SHA-512 with only one iteration (which I normally wouldn’t recommend), you should also be fine. As a reminder, all other platforms currently appear to be unaffected.

I’ll try to keep everyone posted on this issue. I apologize for the slow progress.

Tags: ,


You can skip to the end and leave a response. Pinging is currently not allowed.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

You must be logged in to post a comment.