Date: Sun, 15 Sep 2013 13:45:12 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: HMAC valid (was: 7z valid())

On 15 sep 2013, at 06:13, Solar Designer <solar@...nwall.com> wrote:
> A related issue is that many hmac* formats recognize 7z format's strings
> as valid for them as well.  You might want to look into this and see if
> anything (reasonable) can be done about it now.

Can you give a specific example? All hmac formats' valid() does this:

* ciphertext must contain at least one '#'.
* left side of the [rightmost] '#' is salt and has a max. allowed length.
* right side of '#' is hash and must have correct length, e.g. 40 hex chars for hmac-MD5.
* hash must be [0-9a-fA-F].

A 7z ciphertext does not contain '#' so I can't see how it would pass.


static int valid(char *ciphertext, struct fmt_main *self)
{
	int pos, i;
	char *p;

	p = strrchr(ciphertext, '#'); // allow # in salt
	if (!p || p > &ciphertext[strlen(ciphertext)-1]) return 0;
	i = (int)(p - ciphertext);
	if(i > SALT_SIZE) return 0;
	pos = i+1;
	if (strlen(ciphertext+pos) != BINARY_SIZE*2) return 0;
	for (i = pos; i < BINARY_SIZE*2+pos; i++)
	{
		if (!(  (('0' <= ciphertext[i])&&(ciphertext[i] <= '9')) ||
		        (('a' <= ciphertext[i])&&(ciphertext[i] <= 'f'))
		        || (('A' <= ciphertext[i])&&(ciphertext[i] <= 'F'))))
			return 0;
	}
	return 1;
}


magnum
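
Added example (not part of the message above and not John the Ripper source): the four rules listed in the message as a stand-alone C check, generalised to take the salt limit and digest size as parameters, run over constructed lines to show which digest lengths would accept each one. The function names, the 64-byte salt limit, the three digest sizes and all sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed hex runs of 32, 40 and 64 digits (not real digests). */
#define HEX32 "0123456789abcdef0123456789ABCDEF"
#define HEX40 HEX32 "deadbeef"
#define HEX64 HEX32 HEX32

/* The structural check from the message, parameterised (assumption) by the
 * maximum salt length and digest size instead of SALT_SIZE/BINARY_SIZE. */
static int hmac_shape_ok(const char *ct, size_t salt_max, size_t digest_bytes)
{
	const char *p = strrchr(ct, '#');	/* rightmost '#': salt may contain '#' */
	size_t i, hexlen = digest_bytes * 2;

	if (!p || (size_t)(p - ct) > salt_max)
		return 0;			/* no separator, or salt too long */
	p++;
	if (strlen(p) != hexlen)
		return 0;			/* wrong digest length */
	for (i = 0; i < hexlen; i++) {
		char c = p[i];
		if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') ||
		      (c >= 'A' && c <= 'F')))
			return 0;
	}
	return 1;
}

/* Bit 0 = 16-byte digest, bit 1 = 20-byte, bit 2 = 32-byte. */
static unsigned claimed_by(const char *ct, size_t salt_max)
{
	static const size_t sizes[] = { 16, 20, 32 };
	unsigned mask = 0, i;
	for (i = 0; i < 3; i++)
		if (hmac_shape_ok(ct, salt_max, sizes[i]))
			mask |= 1u << i;
	return mask;
}

int main(void)
{
	const char *lines[] = { "salt#" HEX32, "sa#lt#" HEX40,
		"$tag$fields$no-separator", "$tag$fields#" HEX64 };
	size_t i;
	for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
		printf("mask %u  %s\n", claimed_by(lines[i], 64), lines[i]);
	return 0;
}
```

A line with no '#' is rejected for every digest size, while any prefix followed by '#' and the right number of hex digits is accepted, because the check looks only at the shape of the string.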
