Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 Jun 2011 17:19:03 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: John 1.7.7-jumbo-5

magnum, Dhiru -

On Tue, May 31, 2011 at 08:33:39PM +0200, magnum wrote:
> The problem with the ssh patch is that it currently bumps 
> LINE_BUFFER_SIZE in params.h from 1024 to 8192. I mentioned ways to 
> mitigate (at least to some extent) this long ago, did you look at that?
> 
> This currently stops this format from being just a plugin. And I'm not 
> sure if that bump could have implications. Solar?

I am fine with this bump.  In fact, I think we need to bump up the line
length limit even further, such that 4096-bit SSH keys will fit even
when they're base64- and then hex-encoded.  I think they'd be at around
11 KB, so let's set the limit at 16 KiB (0x4000).

Yes, this double-encoding is weird, and it might be gone eventually.

As to inclusion in jumbo, I think we need to include Dhiru's patches in
a separate jumbo patch release, not along with lots of other changes.
I think Dhiru's additions are important enough that they need more
attention than they'd receive now (if rolled into -jumbo-5).

As an option, we may make the LINE_BUFFER_SIZE bump to 0x4000 now (in
-jumbo-5), which will allow for the "plugin" functionality to work for a
new revision of Dhiru's SSH cracker.

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ