Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 19 Sep 2011 12:41:34 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: Jumbo-6

The code as it existed, was OBVIOUSLY buggy. I do not know all of the side
effects, but it looks like you may have found another side effect of the
bug, and likely this is not the only other side effect.  It is just the 2
you have happened to stumble over.

I am pretty sure the test suite only tests properly formatted lines (for
md5_gen).  I think we should change that, and force some 'raw-hash' testing,
at least for a few formats. Who knows.  A forced 'raw hash' test may have
caught this bug, right when it appeared.

We should probably test 'forced raw' for:  Some md5_gen's, NT, LM and some
other 32 byte hex.  Also, probably some 40 byte raw hex (sha stuff, if they
have no signature).

Jim.

>-----Original Message-----
>From: magnum [mailto:rawsmooth@...dband.net]
>Sent: Monday, September 19, 2011 11:53 AM
>To: john-dev@...ts.openwall.com
>Subject: Re: [john-dev] Jumbo-6
>
>On 2011-09-19 17:14, jfoug wrote:
>> I just posted a small patch for md5-gen.  Saltless hashes were
>'appearing'
>> to run about 150% the speed that they actually run.
>> ...
>
>I was delighted to see that this bugfix also fixed another problem I was
>investigating: I had problems loading untagged hashes using eg.
>--form=md5_gen\(0\) - it just loaded the first hash in the infile.
>Now it works fine again. Why? That really beats me, but it's excellent
>anyway, lol!
>
>magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ