Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 20 Sep 2011 12:03:49 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: FMT_BS in NETLM (was: Patch for dynamically loaded formats)

>From: Solar Designer [mailto:solar@...nwall.com]
>
>You're right, I'll take care of that.  I am preparing -jumbo-6-RC3 now.

I have updated the patch 0010.  This was the md5-gen format 29 (Unicode raw,
and raw-md5u format).  This has been handled better, and now will 'honor'
forced max password lengths properly, in code page, normal or utf8 modes.

I have also added changes to properly handle $$U (user name), or $$F0 - to -
$$F9 (field replacement), properly in a format which has no 'simple' salt in
it. The only one I 'ignored' was $$S2 (salt 2), since it does not make sense
to have a 2nd salt, without the first).   Now, since this patch, was going
to clash with the 0010 patch, I simply merged these changes into the 0010
patch.  That patch now fixes the Unicode stuff, and fixes the saltless-salts
stuff.

It should be in jumbo, if possible (along with the other 9 post j6-rc2
patches).  If not, then we can add them after the fact by simply rebasing
them.

Jim.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ