Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Dec 2012 17:56:18 +0100
From: Frank Dittrich <>
Subject: Formats dmg, encfs and strip crash on longer passwords

All three formats claim to support a maximum password length of 32, but
if you try to use a word list with longer passwords, they all segfault
(at least on my 32bit Linux system).

$ ./john encfs --wordlist=test-p
Loaded 4 password hashes with 4 different salts (EncFS PBKDF2 AES /
Blowfish [32/32])
Segmentation fault (core dumped)

The file encfs just contains the 4 hard coded test cases from
encfs_fmt_plug.c, using the passwords as user names:


File test-p just contains a single password.
In this case, even a password of length 21 causes john to segfault:

For strip (the single test case from strip_fmp_plug.c), even a password
of length 19 causes a segfault.

For dmg, with the shortest test vector, even a password of length 18
causes a segfault:

For me, this looks like a systematic error in Dhiru's formats.
Unfortunately, if I build a debug version, the error disappears.

Should this information be added to a new wiki page untder "Issues/bugs
needing a look"?

Currently, the "Wish-list for JtR" has a link to "Formats with
problems", but the page is named JtR-valid-bugs, and I don't think these
segfaults are caused by bugs in valid().


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ