Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 14 Dec 2012 09:33:15 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Run-time change of a format's max length

On 14 Dec, 2012, at 3:39 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
> On 12/14/2012 03:23 AM, magnum wrote:
>> On 13 Dec, 2012, at 2:30 , Solar Designer <solar@...nwall.com> wrote:
>>> On Thu, Dec 13, 2012 at 02:20:10AM +0100, magnum wrote:
>>>> On 13 Dec, 2012, at 1:15 , Solar Designer <solar@...nwall.com> wrote:
>>>>> Shouldn't this option be called --max-length instead, and we'd have
>>>>> --min-length too?
>>>> 
>>>> That has crossed my mind too, I should change it.
>>> 
>>> Yes, please.  They're called that way on my to-do list. ;-)
>>> 
>> 
>> All the above are done & committed now, except Wordlist and Single mode.
> 
> What if a user started a session using --length, interrupted it, and
> tries to restore after upgrading john?

Yes, or if he started a mskrb5 crack specifying --format (it was renamed). I'm thinking for Jumbo we might be best off simply recommending to not update in this situation, or to manually hack the .rec file yourself (which is really trivial for both cases).

We could support --length for one more revision of Jumbo, with a printed notice it's deprecated. But I'm not sure how to do the same with mskrb5. We should have function-label aliases, which is usable for other things too, like mapping a name to a dynamic... This could also be used for things like md5 vs md5crypt and ssha vs salted-sha1, and it could also alias format tags. This could be a list in john.conf, perhaps something like this:

[List.aliases:functions]
mskrb5 = krb5pa-sha1
ssha = salted-sha1
radius = dynamic_1008

[List.aliases:tags]
$dynamic_0$ = $md5$

The format-label case could be implemented at core level. I think the tags can too, in loader.c. BTW the current krb5pa-sha1 format do accept the legacy mskrb5 input format/tag so that case is only a problem if --format was specified.

By the way if we really wanted to, the following would of course be possible too:

[List.aliases:options]
length = max-length

...although I think this is overkill.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.