Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 May 2013 12:53:07 -0400
From:  <jfoug@....net>
To: john-dev@...ts.openwall.com
Cc: Alexander Cherepanov <cherepan@...me.ru>
Subject: Re: dynamic_1300 selftest FAILED (get_hash[0](1)) in
 bleeding

---- Alexander Cherepanov <cherepan@...me.ru> wrote: 
> Sorry, I was not clear enough. I didn't mean to get rid of MGF_SALTED 
> and MGF_USERNAME completely. I thought about eliminating them from 
> dynamic.conf. They can be recomputed internally by dinamic while reading 
> dynamic.conf.

No, I think you were perfectly clear, possibly I was not.  The reason they are there is because there is SO much complexity within dynamic, that they are really needed.  If not there, then there has to be some pretty complex logic, to try to find out if there should be a salt or not.  Were any of a couple dozen functions called?  Were certain other flags set, or some other combination.  Also, that logic (which would be rather complex), would need to be looked at whenever changes were made to the dynamic interface (which does happen).

I would rather not have to revisit very complex logic over, and over again. Little changes that 'appear' to be simple, can end up being a real problem.  We already have this type problems within valid() prepare() salt() etc in dyna.  I would like to not add any more areas of ugly complexity.  Yes, this does cause the end user to need to know a little more.  I guess that is the price of having to use something that allows the ease and flexibility of producing rather complex formats (but that can still run efficiently) in minutes with just a couple lines of text and doing so without having to 'know' the internals of JtR's format structures.  

I find forcing the user to SAY that a format is salted, is little different than having to list the return type of a function, when coding in C.  Certainly that information could be determined at compile time by the compiler, but a decision was made when building the language, which I am sure reduces the complexity of the compiler.

Jim.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.