Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 9 Feb 2013 11:44:13 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: formats failing test on big-endian

On 7 Feb, 2013, at 5:09 , Solar Designer <solar@...nwall.com> wrote:
> On Wed, Feb 06, 2013 at 08:35:10PM +0100, magnum wrote:
>> On 6 Feb, 2013, at 15:35 , Solar Designer <solar@...nwall.com> wrote:
>>> I built unstable-jumbo on debian_etch_sparc_small.qcow2 from
>>> http://people.debian.org/~aurel32/qemu/
>> 
>> Emulating a Sparc on x86?
> 
> Yeah.  I also tried ARM, but only built clean 1.7.9 (as generic) there.
> I might setup some scripts to keep this kind of VMs running for our
> team's use.
> 
>> Cool, we were just discussing that today.
> 
> Really?  Who/where?

IRL :-) I discussed with a friend whether a thing like QEMU would emulate alignment errors. We had the idea the emulator would focus on working results over bug compatibility. Maybe it was a stupid assumption given QEMU's internals.


>> I actually feared worse results. I will fix some of them. The MSSQL, Office and RAR problems are in Unicode conversions, this is trivial.

All Unicode problems are fixed. They are now fixed in a canonical way so there should be very few such bugs in the future. All unicode functions work with UTF16-LE regardless of host arch. That was always the idea but some fixes had been put backwards over time.

I fixed some other things too but these remains:

VMS segfaults for me, plus:

Benchmarking: dynamic_17: phpass ($P$ or $H$) [32/32 X2  (MD5_body)]... FAILED (get_hash[0](1))
Benchmarking: Eggdrop Blowfish [32/32]... FAILED (cmp_all(1))
Benchmarking: Apple DMG PBKDF2-HMAC-SHA-1 3DES / AES [32/32]... FAILED (cmp_all(1))
Benchmarking: EncFS PBKDF2 AES / Blowfish [32/32]... FAILED (cmp_all(1))
Benchmarking: Mac OS X Keychain PBKDF2-HMAC-SHA-1 3DES [32/32]... FAILED (cmp_all(1))
Benchmarking: Kerberos 5 AS-REQ Pre-Auth etype 17/18 aes-cts-hmac-sha1-96 [32/32]... FAILED (get_hash[0](0))
Benchmarking: KDE KWallet SHA-1 [32/32]... FAILED (cmp_all(1))
Benchmarking: ODF SHA-1 Blowfish / SHA-256 AES [32/32 OpenSSL]... FAILED (get_hash[0](0))
Benchmarking: PBKDF2-HMAC-SHA512 GRUB2 / OS X 10.8 [32/32 OpenSSL]... FAILED (get_hash[0](0))
Benchmarking: Password Safe SHA-256 [32/32]... FAILED (get_hash[0](0))
Benchmarking: STRIP Password Manager PBKDF2-SHA1 [32/32]... FAILED (cmp_all(1))
Benchmarking: SXC SHA-1 Blowfish [32/32]... FAILED (get_hash[0](0))
Benchmarking: WPA-PSK PBKDF2-HMAC-SHA-1 [32/32]... FAILED (valid)
Benchmarking: WinZip PBKDF2-HMAC-SHA-1 [32/32]... FAILED (cmp_all(1))
14 out of 194 tests have FAILED

The dynamic_17 is strange. Hopefully Jim could have a look at that. I believe all others may be failing due to one same bug, they are all pbkdf2-hmac-sha1. But I haven't nailed it. At first I assumed the iteration count would be wrong for BE but that is not the case, it's done right.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.