Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 27 Aug 2011 12:49:43 -0500
From: "JimF" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: Re: #include "john.conf2" (a wish list item)

From: "Solar Designer" <solar@...nwall.com>
>
> I think JimF's code is fine for jumbo (although I am relying on what was
> said in here; I haven't tried the feature out yet), but just to provide
> inspiration for possible enhancements (if we ever choose to implement
> those), here are two other pieces of code with detection of infinite
> recursion (loop).
>

It is likely that we will have to add some form of name storage, checking 
for the rules including rules code.  So, if that is the case, it would be 
pretty easy to do the same thing for the .conf file including.

NOTE, there is no need at all to implement this with super cool bells / 
whistles, or worry at all about it being made optimal.  It is only done one 
time, at startup, so a very simplistic but rock solid method would be more 
than adequate.  I think simply dropping names on a list, likely a static 
global to the config.c, and then check the list. If the name is already on 
the list, then skip that line, just like a comment.

now, what is put ON the list does matter.  So for the .conf's, I think we 
need full path.  For the rules, I am not sure we have information on if they 
came from one .conf file, or another, so I think the name itself is all we 
can look up.

One additional step I feel we need to do for rules, is to have a trivial 
rule elimination step, done after the rule is totally loaded.  In this step, 
take the first rule, and search all lines of the rules for exactly the same 
line.  If we find it, we remove any later instances.  Then we take the next 
line, etc, etc.  When done, we have all rules that are not 'exactly' the 
same removed.  NOTE, there certainly can be identical rules still left, if 
there are thing in different order, or have something different.    Az"abc" 
and $[a]$[b]$[c] and Az'abc' and $a$b$c (and many more) are exactly the 
same, but putting in logic smart enough to detect this, may be way beyond 
what we can easily do.  However, if a rule include 6 rules, and each of them 
had Az"abc", then we can easily remove the last 5 of them.

Jim. 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.