Hi! The code contains a bug (ARCS.c, line 88) where the MD5 of the password is strcpyed into another buffer. Since the MD5-hash can contain a '\x0' byte the copying might abort too early. This can make decryption realy interesting if you are using two different compilers that might or might not initialize the buffers on the stack for debugging purposes. That said, it might be impossible, unless the authors publish the binary they used to encrypt their challenge file, to decrypt it. I strongly advise against using this implementation (assuming the algorithm is any good). Moderator: Shouldn't we keep this list to the usual full-disclosure stuff and leave the crypto-algorithm development to the apropriate academic conferences? Transforming MD5 into a stream-cypher isn't even exciting from a cryptographic point of view... Markus -- The early bird gets the worm. If you want something else for breakfast, get up later. NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++
