Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Dec 2012 17:56:18 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Formats dmg, encfs and strip crash on longer passwords

All three formats claim to support a maximum password length of 32, but
if you try to use a word list with longer passwords, they all segfault
(at least on my 32bit Linux system).


$ ./john encfs --wordlist=test-p
Loaded 4 password hashes with 4 different salts (EncFS PBKDF2 AES /
Blowfish [32/32])
Segmentation fault (core dumped)

The file encfs just contains the 4 hard coded test cases from
encfs_fmt_plug.c, using the passwords as user names:

openwall:$encfs$192*181474*0*20*f1c413d9a20f7fdbc068c5a41524137a6e3fb231*44*9c0d4e2b990fac0fd78d62c3d2661272efa7d6c1744ee836a702a11525958f5f557b7a973aaad2fd14387b4f
Jupiter:$encfs$128*181317*0*20*e9a6d328b4c75293d07b093e8ec9846d04e22798*36*b9e83adb462ac8904695a60de2f3e6d57018ccac2227251d3f8fc6a8dd0cd7178ce7dc3f
Valient
Gough:$encfs$256*714949*0*20*472a967d35760775baca6aefd1278f026c0e520b*52*ac3b7ee4f774b4db17336058186ab78d209504f8a58a4272b5ebb25e868a50eaf73bcbc5e3ffd50846071c882feebf87b5a231b6
Alo3San1t@...s:$encfs$256*120918*0*20*e6eb9a85ee1c348bc2b507b07680f4f220caa763*52*9f75473ade3887bca7a7bb113fbc518ffffba631326a19c1e7823b4564ae5c0d1e4c7e4aec66d16924fa4c341cd52903cc75eec4

File test-p just contains a single password.
In this case, even a password of length 21 causes john to segfault:
123456789012345678901


For strip (the single test case from strip_fmp_plug.c), even a password
of length 19 causes a segfault.

For dmg, with the shortest test vector, even a password of length 18
causes a segfault:
vilefault:$dmg$1*20*9c82b419bdac1b3e6b71f8a6b99a7501f34b6950*40*5da479e292e0acf67a9fa3e24d0a767cae2f645ff63836665068637188f4b80295de79aabdbc2536*48*9b136165ee73418631ccf28d5e77073788ae921df596649a7a7789585db0f13f446d5927967e2ede20ce8a4f5389185d

For me, this looks like a systematic error in Dhiru's formats.
Unfortunately, if I build a debug version, the error disappears.

Should this information be added to a new wiki page untder "Issues/bugs
needing a look"?

Currently, the "Wish-list for JtR" has a link to "Formats with
problems", but the page is named JtR-valid-bugs, and I don't think these
segfaults are caused by bugs in valid().

Frank

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ