Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 10 Nov 2011 13:54:27 -0600
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: jumbo rebased on current CVS (was: post 1.7.8-jumbo-7 changes summary)

>From: Solar Designer [mailto:solar@...nwall.com]
>
>Did you run that one through the test suite?  The new DES key setup has
>separate little pieces of code per key bit, and I'm afraid I never
>actually tested it on LM hash passwords with 8th bit set in any
>character.  Does the test suite have such samples (I guess so)?

The test suite has 8 bit passwords.  It has them in several 'flavors'. It
has 'simple' raw 8 bit passwords.  These were created from the original
password file  (pw.dic).  I simply set high bit on about 2-3% of the
characters.    

This is run 'normally'.  Also, if a format handles encoding, it is run with
-enc:utf8.  When this 'garbage' is run as utf8 mode, it will only find
'some' of the candidates (a large percentage). However, it is the exact same
number for each hash (except Cash2, which uses fewer passwords).

However, the test suite DOES test for these type PW's.  It is how the bug in
BF was found.

Jim.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ