Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 27 Jul 2011 12:21:40 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: Character encoding 'how-to' and patch 0009

On 2011-07-27 12:13, Simon Marechal wrote:
> On 26/07/2011 23:27, magnum wrote:
>> What you say above is very important and we could/should adapt to this
>> behaviour for sapB. And we would like exactly this input for most all of
>> the other formats: What happens if you have an "£" in an Oracle
>> password? Or a "€"? And this ß symbol, I actually expect most
>> upper-casing formats to not uppercase them at all but just leave them
>> alone. Still, I think Jim did the right thing. Until we know better, we
>> uppercase like Perl does.
>
> AFAIK LM doesn't compute passwords with such characters. You will only
> have the NT hash if you use € in your password.

Yes but that is because € simply does not exist in the OEM codepage. LM 
will work fine with a £ and it will uppercase ä to Ä or ö to Ö (provided 
we use cp437 or cp850). I don't know about ß - I *think* it would be 
left as-is.

For Oracle, I have no idea what encoding is really used. Maybe it 
depends on whether it's Oracle on Windows or Unix. Maybe it depends on 
the system codepage. Maybe it's always Unicode. Maybe it also depends on 
the Oracle version.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ