Date: Tue, 14 Jun 2011 19:27:06 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: add support for cracking RAR archive passwords [GSoC first cut]

On 2011-06-14 18:21, Łukasz Odzioba wrote:
>   It's clear to me right now. Really thanks for an exhaustive answer!
> I'll adapt this knowledge to my patches.

Just remember that after truncating, it's imperative that get_key() will
return a plaintext truncated exactly like the one that was sent to
hashing. So e.g. if using a saved_plain variable, that one must be
truncated too. Otherwise we get bugs very hard to notice! Been there,
done that, got the t-shirt...

Like Jim said, John will truncate for us at the length indicated by the 
format struct. But formats that can convert from UTF-8 are trickier: 
There *may* be three times as many octets of input as there are 
characters of output. Therefore, we can't rely on John truncating for us 
but must multiply PLAINTEXT_LENGTH by 3 and truncate ourselves at the 
target encoding's (usually UTF-16) max length.

magnum
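
The truncation rule from this message, sketched as an added example (not code from John the Ripper or from anyone in the thread): set_key() accepts up to PLAINTEXT_LENGTH * 3 octets of UTF-8, stops converting at PLAINTEXT_LENGTH UTF-16 units, and cuts saved_plain at the same octet so that get_key() reports exactly what was hashed. The decoder, key_units(), key_utf16() and the tiny PLAINTEXT_LENGTH value are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <string.h>

#define PLAINTEXT_LENGTH 4                   /* max UTF-16 units hashed (tiny, for the demo) */
#define UTF8_MAX (PLAINTEXT_LENGTH * 3)      /* max input octets: up to 3 per output unit */

static char saved_plain[UTF8_MAX + 1];       /* what get_key() reports */
static uint16_t saved_key[PLAINTEXT_LENGTH]; /* what would be sent to hashing */
static int saved_len;                        /* UTF-16 units stored in saved_key */

/* Decode one UTF-8 sequence into *cp; returns octets used, 0 if malformed or cut short.
   Simplified for the example: overlong forms and encoded surrogates are not rejected. */
static int decode(const unsigned char *s, size_t left, uint32_t *cp)
{
    int i, n = s[0] < 0x80 ? 1 : (s[0] & 0xE0) == 0xC0 ? 2 :
               (s[0] & 0xF0) == 0xE0 ? 3 : (s[0] & 0xF8) == 0xF0 ? 4 : 0;
    if (n == 0 || (size_t)n > left) return 0;
    *cp = n == 1 ? s[0] : s[0] & (0xFF >> (n + 1));
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    return n;
}

void set_key(const char *key)
{
    const unsigned char *s = (const unsigned char *)key;
    size_t len = strlen(key), in = 0;
    int out = 0;
    if (len > UTF8_MAX) len = UTF8_MAX;
    while (in < len) {
        uint32_t cp = 0;
        int n = decode(s + in, len - in, &cp);
        int units = cp > 0xFFFF ? 2 : 1;     /* non-BMP needs a surrogate pair */
        if (n == 0 || out + units > PLAINTEXT_LENGTH) break; /* never split a character */
        if (units == 2) {
            saved_key[out++] = (uint16_t)(0xD800 | ((cp - 0x10000) >> 10));
            saved_key[out++] = (uint16_t)(0xDC00 | ((cp - 0x10000) & 0x3FF));
        } else saved_key[out++] = (uint16_t)cp;
        in += n;
    }
    saved_len = out;
    memcpy(saved_plain, key, in);            /* cut the reported plaintext at the same */
    saved_plain[in] = '\0';                  /* octet where the conversion stopped */
}

char *get_key(void) { return saved_plain; }
int key_units(void) { return saved_len; }
const uint16_t *key_utf16(void) { return saved_key; }
```

Truncating saved_plain at a fixed octet count instead of at `in` would let get_key() report characters that never reached the hash, or end in half of a multi-byte sequence.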
