Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 27 Jan 2012 22:24:41 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Recent github patches

On 01/27/2012 09:45 PM, Solar Designer wrote:
> On Fri, Jan 27, 2012 at 09:19:19PM +0100, magnum wrote:
>> * HMAC-SHA1 format added
>> * HMAC-SHA256 format added
> 
> Why these two, but not HMAC-SHA512?  I am just wondering.

HMAC-SHA256 was a five minute job triggered by two reference hashes on
wikipedia :-)  I will add SHA512 too as soon as I get reference hashes
and get it into pass_gen.pl and the test suite. BTW I guess these should
be grouped with the other OpenSSL >= 0.9.8 formats instead of being plugins.

>> * Experimental support for running "closed loop" - i.e. wordlist mode
>> with a .pot file as input. We might want better dupe supression (to
>> memory buffer), possibly reusing "unique" code. The current code only
>> supresses consecutive dupes (just as for any wordlist file).
> 
> In fact, I thought of optionally using the "unique" code in wordlist mode
> regardless of where the input comes from.  However, I am concerned that
> if changes this invasive are first made in -jumbo, it will deviate from
> the main tree's code too far.  Ideally, I should find time and implement
> this in the main tree first... but it's not something I'll have time for
> any time soon (got other priorities, including for JtR).

Agreed, I do not plan to look into this. But on another note, I realised
that when running wordlist mode in current Jumbo without memory buffer,
we have NO dupe suppression. I believe this was lost when we made memory
buffer using pointer copy. That was well worth it, but we should
reintroduce dupe checking for non-buffered mode. On the other hand we
could/should also raise the default threshold for memory buffering from
5 MB to something much larger - possibly depending on --save-mem.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.