Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 8 Dec 2011 05:05:23 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: cracking RADIUS shared secrets with john the ripper

On Thu, Dec 08, 2011 at 01:09:28AM +0100, Didier Arenzana wrote:
> I have just updated the patch & perl script; now the HEX$ strings
> should work with any dynamic_n format, with fixed salt length or not.
> Please give me your thinkings of the modifications I made to loader.c,

I just took a look.  I think those modifications are not needed and
should be removed.  Instead of them and the changes to set_salt() (which
probably have performance impact) you should modify the format's salt()
function (or get_salt() as it's called in some formats).  Really, all of
your code changes should be contained in valid() and salt().

I am not familiar with dynamic_fmt.c, though - that's JimF's code.

One other thing I noticed is the less usual license on the Perl script,
requiring attribution.  I understand and respect your wish to be
credited, but it is very easy to raise license compatibility concerns in
this way.  What if another license that is meant to be applied to a
larger application including your script says that "no further
restrictions are allowed" (and you essentially have a restriction not
specified in that license)?  What exactly is meant by having the
original author "referenced" (e.g., is keeping the notice in the source
code sufficient or is the "reference" supposed to be on the project's
website or in a GUI program's "About" box? what if the source code is
not included with a certain derived program's release?)  My original
proposed wording was a strict subset of the BSD license, only with
purely restrictive clauses removed, so it was obviously compatible at
least with the same licenses that BSD licenses are; this can't be said
of yours.  Even if it is in fact just as compatible in practice, that is
not obvious anymore.

Of course, it is up to you how to license your contribution.

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ