Date: Thu, 30 Aug 2012 18:20:50 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Benchmark format error

On Thu, Aug 30, 2012 at 03:06:11PM +0200, Camille Mougey wrote:
> 2012/8/28 Solar Designer <solar@...nwall.com>
> 
> > On Tue, Aug 28, 2012 at 02:14:37PM +0200, Camille Mougey wrote:
> > > You're right. Here are the details:
> > > $john --test --format=myformat
> > > Benchmarking: (...)[32/32]... FAILED (get_hash[2](0))
> >
> > Most of the time get_hash*() failures indicate that hashing was not done
> > properly in crypt_all(), but given the additional info you've provided
> > and that it's only get_hash[2] that failed (meaning that [0] and [1]
> > have matched, which is not very likely to occur by accident, although
> > it's possible), I think you actually have a bug in your binary_hash_2()
> > or/and get_hash_2() (maybe in higher-numbered hash functions as well).
> 
> To my mind, I use "common" binary_hash and get_hash functions, that is to
> say I just mask with 0xff, fff, ...

I suggest that you take a closer look at these.  Are you comparing the
same bits in cmp_all(), cmp_one(), and/or cmp_exact() (whichever ones of
these you actually have) that you're extracting in binary_hash_2() and
get_hash_2()?

> > > Loaded 1 password hash (...)
> > > itsmeaning        (?)
> > > guesses: 1 .... etc.
> >
> > When you're only cracking one hash, the hash functions are not used.
> > You may want to generate a thousand (different) test hashes (or mix
> > your one test hash with a thousand fake hashes) and see if cracking
> > still works (chances are that it won't).
> 
> Indeed, it still doesn't work. Surprisingly, the hash is cracked when it is
> with nine others, and still not guessed (but detected) with a hundred or
> a thousand others.
> However, the only function able to compute the hash part is crypt_all.
> What's happened?

I guess you do have some inconsistency between binary_hash*() /
get_hash*() and crypt_all() / cmp_*().  Now you just need to find it.

I'm afraid we won't be able to help you further without seeing your code.

Alexander
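
The kind of inconsistency discussed in this message, as an added example that is not part of the original thread and is not John the Ripper source: a simplified model in which a hypothetical `get_hash` masks a single byte of the computed result while `binary_hash` masks a 32-bit word, so levels [0] and [1] agree and level [2] does not. The storage layout, the `sample` bytes and the helper names (`load_le32`, `first_mismatch`, `get_hash_buggy`, `get_hash_fixed`) are assumptions; the poster's actual bug is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; names echo the thread, bodies are assumptions,
   not John the Ripper source. */
static const uint32_t masks[3] = { 0xf, 0xff, 0xfff };
static uint8_t crypt_out[4];            /* result as crypt_all() would leave it */
static const uint8_t sample[4] = { 0x34, 0x12, 0xcd, 0xab }; /* constructed */

static uint32_t load_le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* binary_hash_k(): bits taken from the loaded hash's binary form */
static uint32_t binary_hash(const uint8_t *binary, int k)
{
    return load_le32(binary) & masks[k];
}

/* Inconsistent get_hash_k(): masks one byte, so at most 8 bits come back */
static uint32_t get_hash_buggy(int k)
{
    return crypt_out[0] & masks[k];
}

/* Consistent get_hash_k(): extracts the same bits binary_hash() does */
static uint32_t get_hash_fixed(int k)
{
    return load_le32(crypt_out) & masks[k];
}

/* Simulate a correct guess, then return the first level k at which
   binary_hash_k() and get_hash_k() disagree, or -1 if all levels agree. */
static int first_mismatch(const uint8_t *binary, uint32_t (*get_hash)(int))
{
    memcpy(crypt_out, binary, sizeof(crypt_out));
    for (int k = 0; k < 3; k++)
        if (binary_hash(binary, k) != get_hash(k))
            return k;
    return -1;
}

int main(void)
{
    printf("buggy: first mismatch at level %d\n", first_mismatch(sample, get_hash_buggy));
    printf("fixed: first mismatch at level %d\n", first_mismatch(sample, get_hash_fixed));
    return 0;
}
```

A check like this can pass by accident when the extra bits happen to be zero in the sample, so it is worth running over several distinct binaries.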
