least significant key byte is mistakenly ignored on schedule256 #6
Description
Based on the issue that:
ECB_256(encrypt, 0, "012345689ABCDEF") == ECB_256(encrypt, 255, "0123456789ABCDEF")Buggy part (the schedule256 function):
-- we skip the first element of the key bytes table
local t1 = expanded[1]
local t2 = expanded[2]
local t3 = expanded[3]
local t4 = expanded[4]
-- its not used in the xor loop below here either, so its effectively skipped.This drops the valid key ranges to floor( (2^54) / 8 ) (including the negative range) which decreases the amount of valid unique keys by 8 bits, brute-force becomes feasible on a strong enough server rig.