Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 01 Jun 2014 16:56:45 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Dupe crack detection

Solar,

These lines in cracker.c:

static int crk_process_guess(struct db_salt *salt, struct db_password *pw,
         int index)
{
         int dupe;
         char *key;

         dupe = !memcmp(&crk_timestamps[index], &status.crypts, 
sizeof(int64));
         crk_timestamps[index] = status.crypts;



What is that 'dupe' thing about? I always thought that it would detect 
dupe cracks of same password within the same batch of keys - that is, we 
actually got the same candidate in eg. index 0 and index 2. But now that 
I look closer I think it can't do that. So what is it for? Could 
crk_process_guess() sometimes be called twice for the same batch and index?

And back to that "dupe within a batch": Do we not have any such 
suppression? I always thought we had, but we're seeing "1501 cracked out 
of 1500" in a test case.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ