Date: Mon, 27 Jul 2015 09:52:40 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags (was: more robustness)

Hi Alexander,

On Sun, Jul 26, 2015 at 2:57 AM, Solar Designer <solar@...nwall.com> wrote:
>
> Kai,
>
> On Sun, Jul 12, 2015 at 05:18:03PM +0300, Solar Designer wrote:
> > Unrelated, here's a task for you for next week: identify improperly set
> > or missing FMT_* flags.  For example, a format supporting 8-bit chars in
> > passwords (unlike descrypt, which drops the 8th bit, by its definition),
> > but forgetting to set FMT_8_BIT.
> >

For dominosec8, which does not set FMT_8_BIT:

static struct fmt_tests tests[] = {
        {"(HsjFebq0Kh9kH7aAZYc7kY30mC30mC3KmC30mCluagXrvWKj1)", "hashcat"},
        {NULL}
};

't' is '\x74', so I change "hashcat" -> "hashca\x74" and recompile:

$ ./john --test=0 --format=dominosec8
Will run 8 OpenMP threads
Testing: dominosec8, Lotus Notes/Domino 8 [8/64]... (8xOMP)
PASS

Since it does not set FMT_8_BIT, it ignores the 8th bit.

't' is '\x74', and '\x74' | '\x80' is '\xF4', so I change "hashcat" ->
"hashca\xF4". But the test fails. Is this a bug?

$ ./john --test=0 --format=dominosec8
Will run 8 OpenMP threads
Testing: dominosec8, Lotus Notes/Domino 8 [8/64]... (8xOMP)
FAILED (cmp_all(1))

I did the same thing to those formats which do not set FMT_8_BIT
and they are OK, such as descrypt, bsdicrypt, tripcode.

Thanks,

Kai
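
The check described in this message (set the 8th bit of a test plaintext character and see whether the hash still matches), written as a standalone C sketch. This is an added example, not code from the message or from John the Ripper: the two toy hashes, DEMO_FMT_8_BIT and the function names are constructed stand-ins, and the flag value is illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_FMT_8_BIT 0x2u /* hypothetical stand-in for the format flag */
typedef uint32_t (*hash_fn)(const char *key);

/* Toy FNV-1a over masked bytes; constructed for this example only. */
static uint32_t fnv1a(const char *key, unsigned char mask)
{
    uint32_t h = 2166136261u;
    for (; *key; key++) {
        h ^= (unsigned char)*key & mask;
        h *= 16777619u;
    }
    return h;
}
static uint32_t hash_7bit(const char *key) { return fnv1a(key, 0x7F); } /* drops 8th bit */
static uint32_t hash_8bit(const char *key) { return fnv1a(key, 0xFF); } /* keeps 8th bit */

/* 1 if setting bit 0x80 on any one character changes the hash, 0 if not, -1 if too long. */
static int is_8bit_sensitive(hash_fn h, const char *plain)
{
    char buf[64];
    size_t i, n = strlen(plain);
    uint32_t ref = h(plain);

    if (n >= sizeof(buf)) return -1;
    for (i = 0; i < n; i++) {
        memcpy(buf, plain, n + 1);
        buf[i] = (char)((unsigned char)buf[i] | 0x80);
        if (h(buf) != ref) return 1;
    }
    return 0;
}

/* 0 = declared flag matches observed behaviour, 1 = mismatch, -1 = plaintext too long. */
static int audit_8bit_flag(hash_fn h, unsigned flags, const char *plain)
{
    int s = is_8bit_sensitive(h, plain);
    return s < 0 ? -1 : (s != !!(flags & DEMO_FMT_8_BIT));
}

int main(void)
{
    printf("7-bit hash, flag clear: %d\n", audit_8bit_flag(hash_7bit, 0, "hashcat"));
    printf("8-bit hash, flag clear: %d\n", audit_8bit_flag(hash_8bit, 0, "hashcat"));
    return 0;
}
```

A result of 1 only means the declared flag and the observed behaviour disagree; whether the flag or the hashing code is at fault still has to be decided per format.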
