Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 8 Jun 2015 11:29:29 -0400
From:  <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: Fuzzing Report on hashes


---- Solar Designer <solar@...nwall.com> wrote: 
> Thanks!  I see that Jim fixed the former, and declared the latter
> invalid (sorry I didn't look into it closer).  Thanks, Jim!

I did not add N to the valid() within django scrypt.  We might want to look at that.  A hash with N > 32 (>=32?) will always fail.  It is that way now, but I do not know if that is also the case using the other scrypt code.  I did not add the valid check now, but with the change if that one line input file (with the N=41) is run, then john will appear to be doing work, BUT no passwords are ever checked.  However, the format will run really fast, lol.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ