Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Jun 2012 18:54:16 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Was: RE: [john-users] JtR to process the LinkedIn
 hash dump

On 06/08/2012 05:45 PM, jfoug wrote:
> Note, this DOES require get_source to return a possibly different string
> than the split().  This is 'against' the assertion rules.  This was causing
> self tests to fail, IF there were any of the 00000 hashes in self test
> strings, so they simply have been removed.

This is indeed difficult to solve.
Even if the format interface would be extended by a function which
provides the canonical representation of a hash (default either NULL or
a pointer to a default function which doesn't change the hash), this
wouldn't work for this special case.

Usually, you would expect a format to be able to provide the canonical
form of a hash even if the password is unknown.
This "format" is somewhat different, because the canonical hash
representation is only known after the password hash been cracked.

If the canonical representation of the hash has to be calculated prior
to knowing the password, the only option would be to use the 00000
version as the canonical representation.
This would, however, require to use a format identifier which differs
from the default sha-1 version.

Another way to extend the test data for cases like this (not sure
whether it is worth implementing or not):
Each "record" of the test data can be extended by an optional 3rd
component (default NULL).
If the 3rd component is NULL, then the canonical representation of the
hash must be identical to the first component.
If not, then this is the canonical representation that needs to be
returned to pass the test.

But even if the test data sructure gets extended to support arbitrary
differences between a valid hash and the canonical representation, it is
questionable whether we should support cases where the canonical
representation can only be calculated when the password is known.

Frank

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ