Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 02 Aug 2015 15:59:10 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

On 2015-08-01 17:41, Kai Zhao wrote:
>   FMT_8_BIT problems.
>
> format          = bsdicrypt
> FMT_8_BIT = no

> 3. Change some passwords. 'U' -> '\xD5', '*' -> '\xAA'
> static struct fmt_tests tests[] = {
>          {"_J9..CCCCXBrJUJV154M", "\xD5*U*U*U*"},
>          {"_J9..CCCCXUhOBTXzaiE", "\xD5*U***U"},
>          {"_J9..CCCC4gQ.mB/PffM", "\xD5*U***U*"},
>          {"_J9..XXXXvlzQGqpPPdk", "\xAAU*U*U*U"},
>          {"_J9..XXXXsqM/YSSP..Y", "\xAAU*U*U*U*"}, // Change this
>          {"_J9..XXXXVL7qJCnku0I", "*U*U*U*U*U*U*U*U"},
>          {"_J9..XXXXAj8cFbP5scI", "*U*U*U*U*U*U*U*U*"},
>          {"_J9..SDizh.vll5VED9g", "ab1234567"},
>          {"_J9..SDizRjWQ/zePPHc", "cr1234567"},
>          {"_J9..SDizxmRI1GjnQuE", "zxyDPWgydbQjgq"},
>          {"_K9..SaltNrQgIYUAeoY", "726 even"},
>          {"_J9..SDSD5YGyRCr4W4c", ""},
>          {NULL}
> };
>
> test result = FAILED
>
>
> Conclusion: There is one passwords which does not ignore the 8th bit,
> So should we add FMT_8_BIT flag ?

I'm not sure what happens there but I doubt the flag is wrong. Solar?

magnum



Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ