Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 27 May 2012 19:39:41 -0500
From: "jfoug" <>
To: <>
Subject: RE: memory usage within JtR and possible ways to significantly reduce it.

We will have to look at how to get past this.  I think it will only 'impact'
the self test. The compare is pretty strict.  We might have to change that a

>From: magnum []
>I see some slight problems. Maybe they can be fixed.
>I added a trivial get_source() to nt2, worked fine. Then I added one to
>raw-md5 (thick) and that failed. Turns out I had to change the test
>vectors to always include the tag (some did, some did not). But this
>means we are not testing the format's ability to read untagged hashes.
>Then I added one to raw-SHA1 (thick) and got a similar problem: One of
>the test vectors was in upper case. I had to lower case it, but that
>means we are not testing the format's ability to read upper case hashes.
>I committed them but will not do more for now.
>Hm.. maybe something like this change of the self-test would fix both
>problems? Or would it create others?
>      binary = format->methods.binary(ciphertext);
>      salt = format->methods.salt(ciphertext);
>      if (format->methods.get_source != fmt_default_get_source) {
>+             char *binary2 = alloca(params.binary_size);
>              sourced = format->methods.get_source(binary, salt, Buf);
>+             memcpy(binary2, binary, format->params.binary_size)
>+             binary = format->methods.binary(sourced);
>+             if (memcmp(binary, binary2, format->params.binary_size))
>-             if (strcmp(sourced, prepared))
>                      return "get_source";
>      }

I think something like this might be workable.  But I think we should save
copies of both the original binary, and original salt. Then call get_source.
With the return of that, we call valid, then binary() and salt()   

If the sourced pointer is valid, and if the binary and salt returned from
that end up being the same, then we can assume that get_source returned the
proper string.  We also could fix each format's prepare() function, so it
ALWAYS returns a canonical representation of the string, but there really is
no reason.  We might only need to do the secondary checks, if the original
strcmp(sourced,prepared) fails.  We could easily change this to stricmp.
Then if there is a failure, then do the valid, binary, salt, and comprare
the binaries and salts.


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ