Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 06 May 2015 10:16:43 +0200
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-dev@...ts.openwall.com
Subject: John core: --format=crypt rejecting descrypt hashes when it first
 found some bfegg hashes

Solar,

when john --format=crypt loads bfegg hashes first (length 13), it
doesn't recognize valid descrypt hashes anymore.

First, collect some test hashes for a few formats, using a
bleeding-jumbo binary:

(bleeding-jumbo)run $ ./john --list=format-tests --format=aix-smd5 |cut
-f 3 > hashes.aix-smd5
(bleeding-jumbo)run $ ./john --list=format-tests --format=descrypt |cut
-f 3 > hashes.descrypt
(bleeding-jumbo)run $ ./john --list=format-tests --format=bfegg |cut -f
3 > hashes.bfegg


Now, switch to master:

(bleeding-jumbo)run $ cd ../src/
(bleeding-jumbo)src $ git checkout master
Switched to branch 'master'
Your branch is up-to-date with 'origin/master'.
(master)src $ make -s clean ; make -s -j 16 linux-x86-64-avx
DES_std.c: In function ‘DES_std_set_key’:
DES_std.c:635:17: warning: array subscript is above array bounds
[-Warray-bounds]
   while (DES_key[i++]) k += 2;
                 ^
(master)src $ cd ../run/

Test with valid non-descrypt hashes and invalid bfegg hashes:

(master)run $ ./john hashes.aix-smd5 hashes.bfegg
--wordlist=password.lst --format=crypt
Warning: hash encoding string length 37, type id #0
appears to be unsupported on this system; will not load such hashes.
Warning: hash encoding string length 13, type id #1
appears to be unsupported on this system; will not load such hashes.
Loaded 3 password hashes with 3 different salts (crypt, generic crypt(3)
[?/64])
Self test failed (valid)

Test with invalid bfegg hashes and valid descrypt hashes:

(master)run $ ./john hashes.bfegg hashes.descrypt
--wordlist=password.lst --format=crypt
Warning: hash encoding string length 13, type id #1
appears to be unsupported on this system; will not load such hashes.
No password hashes loaded (see FAQ)


If you switch the sequence, i.e., load descrypt first, then bfegg, all
these hashes are considered valid, but later on you get a

Warning: crypt() returned NULL


In December, 2014, I found this problem in bleeding-jumbo, see
https://github.com/magnumripper/JohnTheRipper/issues/967

Soon we realized it is a core problem.

In January, I reported it to john-users:
http://openwall.com/lists/john-users/2015/01/04/1

In February, commit
https://github.com/magnumripper/JohnTheRipper/commit/8fb75ddcf9a66ce6553cff8852cc02ecd2daf59c
was applied to bleeding-jumbo, basically never rejecting hashes of
length 14 as invalid, but warning if someone uses --format=crypt trying
to crack descrypt hashes.


I think a fix in core would be better, so that magnum can get rid of a
deviation from core.

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.