Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 28 Jul 2015 10:03:38 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

Hi Frank,

On Tue, Jul 28, 2015 at 5:52 AM, Frank Dittrich <frank.dittrich@...lbox.org>
wrote:
>
> On 07/27/2015 04:01 AM, Kai Zhao wrote:
> > I have written a script to check, and change john source code to check
> > FMT_SPLIT_UNIFIES_CASE. They are described at:
> >
> > http://www.openwall.com/lists/john-dev/2015/07/21/6
> >
> > I thought there were some problems but they were not.
>
> I don't know whether you considered this, but a format which sets
> FMT_SPLIT_UNIFIES_CASE may decide to convert everything into lower case,
> and another format may decide to convert everything into upper case.
> Both is fine.

Most formats which set FMT_SPLIT_UNIFIES_CASE may decide to
convert part into lower case or upper case.

For example: WoWSRP

$WoWSRP$6d00cd214c8473c7f4e9dc77ae8fc6b3944298c48c7454e6bb8296952dcfe78d$73616c74*solar

After split()

$WoWSRP$6D00CD214C8473C7F4E9DC77AE8FC6B3944298C48C7454E6BB8296952DCFE78D$73616C74*solar

It converts the middle part to upper.

> So I would use input with mixed upper and lower case letters, and then
> see whether the format converts into lower or upper or leaves the input
> unchanged (not considering formats where split produces more than one
> hash for a single input (like LM format)).
>

Yes. Your method is all right. But I think we can do it in
format.c::fmt_self_test_body()

1. Change the ciphertext to upper case
2. If split() returns lower case
        If FMT_SPLIT_UNIFIES_CASE is set
             return OK;
        else
             return ERROR;

3. Change the ciphertext to lower case
4. If split() returns upper case
        If FMT_SPLIT_UNIFIES_CASE is set
             return OK;
        else
             return ERROR;

Finally, there are no formats have obvious problems with
FMT_SPLIT_UNIFIES_CASE flag. But there are 3 formats: MediaWiki,
PHPS, PHPS2 which do not contain the flag and their split do not change
case. But the 3 formats finally has the flag: FMT_SPLIT_UNIFIES_CASE.

Thanks,

Kai

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.