Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Sun, 7 Jun 2015 23:01:49 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Fuzzing Report on hashes

> There's, however, a major omission: you didn't create any issues for the
> false positives.  This is probably two issues:

I do not understand the false positives.

django_scrypt_fmt_plug.c: 64

{"scrypt$Cj0PzdtT3qS2$14$8$1$64$qn4CDnM8CcIBNrpQXHo6ti8vSUoSXj7GBFy7k1bp5wPs8jKjh/gHZ+qM9uk6LbcVHm02yBaI5WCbDm/Shq/MXA==",
"realmenuseJtR"}

$ cat pwfile
scrypt$Cj0PzdtT3qS2$41$8$1$64$qn4CDnM8CcIBNrpQXHo6ti8vSUoSXj7GBFy7k1bp5wPs8jKjh/gHZ+qM9uk6LbcVHm02yBaI5WCbDm/Shq/MXA==

The pwfile is different from the test vector of django_scrypt_fmt_plug.

14 -> 41

$ ./john pwfile
Using default input encoding: UTF-8
Loaded 1 password hash (django-scrypt [Salsa20/8 128/128 AVX])
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
1234567890       (?)
1g 0:00:00:00 DONE 2/3 (2015-06-07 22:59) 50.00g/s 400.0p/s 400.0c/s 400.0C/s 123456..abc123
Use the "--show" option to display all of the cracked passwords reliably
Session completed

So the problem is that john reports "1234567890" as the password?

> Isn't this 21 issues?
>
> 1412-1392+1 = 21

There is no 1400. I created 1400 and later found that this issue was the
same as 1399, so I closed 1400. It's my mistake.

> You could want to enhance this with --session and --pot pointing to
> files on a tmpfs mount, and run multiple processes at a time (I don't
> know how this is done with afl; you should know) with different session
> files for each concurrent child process.

Thanks for your advice, I will give it a try.

Thanks,

Kai
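The false positive above comes from a fuzzed line whose cost field was mutated
from 14 to 41, and it still got loaded and "cracked". The check that keeps such
a line out of the hashing code is a bounds check on every field at load time.
Below is an added example of that check, written for this thread; it is not
code from the original message and not JtR's django_scrypt_fmt_plug.c. It
assumes the field layout the test vector suggests (scrypt$salt$Nexp$r$p$dklen$
base64-digest, with N = 2**Nexp), picks its own upper bounds for Nexp, r, p and
dklen, and uses Python's hashlib.scrypt in place of JtR's scrypt code. The
constants PAGE_VECTOR and FUZZED_VECTOR are the two hash strings quoted above;
the low-cost hash built in the usage section is constructed here for testing.

```python
import base64
import binascii
import hashlib
import secrets

# Layout assumed from the test vector quoted in this thread (an assumption,
# not checked against the django-scrypt source):
#   scrypt$<salt>$<Nexp>$<r>$<p>$<dklen>$<base64 digest>     with N = 2**Nexp
#
# Upper bounds are this example's own choices: generous for real hashes, yet
# tiny next to the fuzzed exponent 41 (128 * 8 * 2**41 bytes = 2 PiB of
# scrypt working memory, which no real hash would ever be generated with).
MAX_NEXP = 20
MAX_R = 32
MAX_P = 16
MAX_DKLEN = 128

# The page's own test vector, and the fuzzer's mutation of it (14 -> 41).
PAGE_VECTOR = ("scrypt$Cj0PzdtT3qS2$14$8$1$64$"
               "qn4CDnM8CcIBNrpQXHo6ti8vSUoSXj7GBFy7k1bp5wPs8jKjh/gHZ+qM9uk6"
               "LbcVHm02yBaI5WCbDm/Shq/MXA==")
FUZZED_VECTOR = PAGE_VECTOR.replace("$14$", "$41$", 1)


class InvalidHash(ValueError):
    """Raised for a hash string a loader should refuse to load at all."""


def parse(h):
    """Split and bounds-check a django-scrypt hash string.

    Returns the fields as a dict or raises InvalidHash.  A format's valid()
    has to do this kind of check: a rejected line never reaches the hashing
    code, so it can never be reported as cracked.
    """
    parts = h.split("$")
    if len(parts) != 7 or parts[0] != "scrypt":
        raise InvalidHash("expected 7 '$'-separated fields starting with 'scrypt'")
    _, salt, nexp, r, p, dklen, b64 = parts
    if not salt:
        raise InvalidHash("empty salt")
    try:
        nexp, r, p, dklen = int(nexp), int(r), int(p), int(dklen)
    except ValueError:
        raise InvalidHash("cost/length fields must be decimal integers") from None
    if not 1 <= nexp <= MAX_NEXP:
        raise InvalidHash(f"N exponent {nexp} out of range 1..{MAX_NEXP}")
    if not 1 <= r <= MAX_R:
        raise InvalidHash(f"r={r} out of range 1..{MAX_R}")
    if not 1 <= p <= MAX_P:
        raise InvalidHash(f"p={p} out of range 1..{MAX_P}")
    if not 16 <= dklen <= MAX_DKLEN:
        raise InvalidHash(f"dklen={dklen} out of range 16..{MAX_DKLEN}")
    try:
        digest = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        raise InvalidHash("digest is not valid base64") from None
    if len(digest) != dklen:
        raise InvalidHash(f"digest is {len(digest)} bytes but dklen says {dklen}")
    return {"salt": salt, "nexp": nexp, "r": r, "p": p, "dklen": dklen, "digest": digest}


def reject_reason(h):
    """None if h passes parse(), else the reason a loader should report."""
    try:
        parse(h)
    except InvalidHash as e:
        return str(e)
    return None


def memory_bytes(nexp, r):
    """Working memory scrypt needs for these parameters: 128 * r * N bytes."""
    return 128 * r * (1 << nexp)


def make_hash(password, salt, nexp=14, r=8, p=1, dklen=64):
    """Build a hash string in the assumed layout (used to construct test data)."""
    digest = hashlib.scrypt(password.encode(), salt=salt.encode(),
                            n=1 << nexp, r=r, p=p, dklen=dklen,
                            maxmem=2 * memory_bytes(nexp, r) + (1 << 20))
    return "$".join(["scrypt", salt, str(nexp), str(r), str(p), str(dklen),
                     base64.b64encode(digest).decode()])


def verify(password, h):
    """True iff password matches h.

    Raises InvalidHash before any scrypt work if h fails the bounds checks,
    so a 2**41 cost is never attempted; a bad password simply returns False.
    """
    f = parse(h)
    digest = hashlib.scrypt(password.encode(), salt=f["salt"].encode(),
                            n=1 << f["nexp"], r=f["r"], p=f["p"], dklen=f["dklen"],
                            maxmem=2 * memory_bytes(f["nexp"], f["r"]) + (1 << 20))
    return secrets.compare_digest(digest, f["digest"])


if __name__ == "__main__":
    for label, h in (("original", PAGE_VECTOR), ("fuzzed", FUZZED_VECTOR)):
        why = reject_reason(h)
        print(f"{label}: {'loads' if why is None else 'rejected: ' + why}")
    # Constructed low-cost hash (nexp=10) so the demo finishes quickly.
    sample = make_hash("realmenuseJtR", "Cj0PzdtT3qS2", nexp=10)
    print("constructed hash verifies:", verify("realmenuseJtR", sample))
    print("wrong password verifies:", verify("1234567890", sample))
```

Running the block loads the original vector, rejects the fuzzed one with
"N exponent 41 out of range 1..20", and shows that verification of the
constructed hash accepts the right password and nothing else. The same shape
of check, with bounds chosen for the format, is what a fuzzer expects a
format's valid() to enforce so that mutated cost fields produce a rejected
line rather than a bogus crack.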
