Date: Sat, 1 Aug 2015 23:41:54 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

 FMT_8_BIT problems.

format          = bsdicrypt
FMT_8_BIT = no

1. original test vector

/*
 * Baseline self-test vectors for the bsdicrypt format, as posted.
 * Each entry is { hash string, password expected to produce it };
 * the {NULL} entry terminates the table.
 * Every password in this baseline is 7-bit ASCII (no byte has the
 * 8th bit set), so this table alone says nothing about FMT_8_BIT.
 */
static struct fmt_tests tests[] = {
        {"_J9..CCCCXBrJUJV154M", "U*U*U*U*"},
        {"_J9..CCCCXUhOBTXzaiE", "U*U***U"},
        {"_J9..CCCC4gQ.mB/PffM", "U*U***U*"},
        {"_J9..XXXXvlzQGqpPPdk", "*U*U*U*U"},
        {"_J9..XXXXsqM/YSSP..Y", "*U*U*U*U*"},
        {"_J9..XXXXVL7qJCnku0I", "*U*U*U*U*U*U*U*U"},
        {"_J9..XXXXAj8cFbP5scI", "*U*U*U*U*U*U*U*U*"},
        {"_J9..SDizh.vll5VED9g", "ab1234567"},
        {"_J9..SDizRjWQ/zePPHc", "cr1234567"},
        {"_J9..SDizxmRI1GjnQuE", "zxyDPWgydbQjgq"},
        {"_K9..SaltNrQgIYUAeoY", "726 even"},
        {"_J9..SDSD5YGyRCr4W4c", ""},           // empty password
        {NULL}
};

test result = PASS

2. Change some passwords by setting the 8th bit of the first character ('U' -> '\xD5', '*' -> '\xAA'); the hashes are left unchanged.

/*
 * Variant of the bsdicrypt self-test table: in the first four entries
 * the first password byte has its 8th bit set ('U' 0x55 -> 0xD5,
 * '*' 0x2A -> 0xAA). The hash strings are NOT recomputed, so the
 * self-test passes only if the format yields the same hash with and
 * without that bit.
 * All four altered passwords are at most 8 characters long.
 * The character following each \x escape ('*' or 'U') is not a hex
 * digit, so each escape encodes exactly one byte.
 */
static struct fmt_tests tests[] = {
        {"_J9..CCCCXBrJUJV154M", "\xD5*U*U*U*"},   // 8 chars, first byte 0xD5
        {"_J9..CCCCXUhOBTXzaiE", "\xD5*U***U"},    // 7 chars, first byte 0xD5
        {"_J9..CCCC4gQ.mB/PffM", "\xD5*U***U*"},   // 8 chars, first byte 0xD5
        {"_J9..XXXXvlzQGqpPPdk", "\xAAU*U*U*U"},   // 8 chars, first byte 0xAA
        {"_J9..XXXXsqM/YSSP..Y", "*U*U*U*U*"},
        {"_J9..XXXXVL7qJCnku0I", "*U*U*U*U*U*U*U*U"},
        {"_J9..XXXXAj8cFbP5scI", "*U*U*U*U*U*U*U*U*"},
        {"_J9..SDizh.vll5VED9g", "ab1234567"},
        {"_J9..SDizRjWQ/zePPHc", "cr1234567"},
        {"_J9..SDizxmRI1GjnQuE", "zxyDPWgydbQjgq"},
        {"_K9..SaltNrQgIYUAeoY", "726 even"},
        {"_J9..SDSD5YGyRCr4W4c", ""},
        {NULL}
};

test result = PASS

3. Same changes as in step 2 ('U' -> '\xD5', '*' -> '\xAA'), plus one more password changed (marked below)
/*
 * Second variant of the bsdicrypt self-test table: the first five
 * entries have the 8th bit set on the first password byte
 * ('U' 0x55 -> 0xD5, '*' 0x2A -> 0xAA); hash strings are unchanged.
 * The fifth entry is the only one of the altered passwords that is
 * longer than 8 characters, and this is the table reported as FAILED.
 * NOTE(review): the post does not show why the 9-character case
 * differs; how the format's key setup treats high-bit bytes (and
 * whether plain char is signed on the test platform) should be
 * checked before deciding on FMT_8_BIT.
 */
static struct fmt_tests tests[] = {
        {"_J9..CCCCXBrJUJV154M", "\xD5*U*U*U*"},
        {"_J9..CCCCXUhOBTXzaiE", "\xD5*U***U"},
        {"_J9..CCCC4gQ.mB/PffM", "\xD5*U***U*"},
        {"_J9..XXXXvlzQGqpPPdk", "\xAAU*U*U*U"},
        {"_J9..XXXXsqM/YSSP..Y", "\xAAU*U*U*U*"}, // only entry changed relative to the previous table: 9 chars, first byte 0xAA
        {"_J9..XXXXVL7qJCnku0I", "*U*U*U*U*U*U*U*U"},
        {"_J9..XXXXAj8cFbP5scI", "*U*U*U*U*U*U*U*U*"},
        {"_J9..SDizh.vll5VED9g", "ab1234567"},
        {"_J9..SDizRjWQ/zePPHc", "cr1234567"},
        {"_J9..SDizxmRI1GjnQuE", "zxyDPWgydbQjgq"},
        {"_K9..SaltNrQgIYUAeoY", "726 even"},
        {"_J9..SDSD5YGyRCr4W4c", ""},
        {NULL}
};

test result = FAILED


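Conclusion: There is one password for which the 8th bit is not ignored
(the 9-character one changed in step 3; every password changed in step 2
is at most 8 characters long). So should we add the FMT_8_BIT flag?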


Thanks,

Kai
