Date: Thu, 01 May 2014 02:11:33 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: [Suspected Junk Mail] hmacSHA256_fmt.c in john-1.7.9-jumbo-7
 - allow long salts

On 2014-04-30 11:08, Colm O'Flaherty wrote:
> Hi.
>
> This is my first post.
>
> I'm attaching a patch to allow longer salt values in hmacSHA256_fmt.c,
> since the current Jumbo implementation does not allow most JWT tokens to be
> cracked, due to length constraints.

Welcome! Your patch had numerous little problems but JimF made similar 
changes to the bleeding-jumbo tree so the functionality is committed now.

Next time, please delete any irrelevant stuff so it doesn't get included 
in the patch. Do a "make clean" for a starter. And please review your 
patch before submitting it. Did you want us to add an "arch.h" and other 
stuff to the tree? Of course not.

Also, please submit patches against current development tree (and most 
preferably in the form of pull requests on GitHub). 1.7.9-jumbo-7 is 
ancient - literally hundreds of thousands of source lines have been added 
or changed since. A patch against that will often not apply to the 
current trees without manual resolving. But yes, 1.7.9-jumbo-7 *is* the 
latest released tree so maybe you just followed some old recommendation.

A question specific for your patch: You decreased max. password length 
from 125 (the global max.) to 110. Why? Such lengths are pretty academic 
but even so, I despise limits unless there are significant performance 
benefits. Maybe there was?

Thanks,
magnum
