Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 6 Jun 2015 11:10:52 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer

On Fri, Jun 05, 2015 at 07:51:18PM +0200, Frank Dittrich wrote:
> On 06/05/2015 02:16 PM, Solar Designer wrote:
> > [solar@...er run]$ ./john fuzz-sample-LUKS-106-18
> > WARNING, LUKS format hash representation will change in future releases,
> > see doc/README.LUKS
> > john: luks_fmt_plug.c:475: get_salt: Assertion `res == cs.afsize' failed.
> > Aborted
> 
> This one is well known. The reason is that luks2john stores the same
> information twice in the hash, and the assertion is there to "prevent"
> loading such inconsistent hashes.
> This assertion also makes fuzzing somewhat harder, since you have to
> make sure to avoid this assertion to find the other bugs.

I think this is improper use of assert().  We should use assert() to
make assertions about the program's own behavior (and we should ensure
that assertions are never false, fixing any false assertions as bugs),
not about its input.

For assertions about the input, we should use explicit checks and either
user-friendly output or just valid() returning 0 (like it would on many
other erroneous hash strings anyway).

BTW, assert()'s are turned into no-ops when building with -DNDEBUG.
While I don't recommend that we build JtR that way, someone might, and
it does show that assert()'s are there for debugging and arguably
sometimes for some safety in presence of bugs, not as proper means to
detect invalid input.

So can we please fix the above misuse of assert()?  It is a bug.

> But LUKS has other issues as well.
> Instead of extraction the infor from all used slots it just extracts the
> infor from the one slot with lowest iteration count (even if this slot
> might refer to a key file instead of a passphrase).
> 
> See https://github.com/magnumripper/JohnTheRipper/issues/557
> LUKS format and luks2john ("best slot")

Thanks!  Yes, it certainly does appear that there are worse issues with
our LUKS format and luks2john.  I think those should be fixed separately.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.