Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 4 Aug 2015 08:57:29 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags (was: more robustness)

Hi Alexander,

The current --test-full branch is here:

https://github.com/loverszhaokai/JohnTheRipper/tree/test_full_option

This patch can detect FMT_CASE and FMT_8_BIT errors.

    $ ./john --test-full=0  [--format=...]

Finally, there are some problems with the two flags.

1. FMT_8_BIT

    1.1 formats have not set FMT_8_BIT but there is at least one
          password which does not ignore the 8th bit

        bsdicrypt, has-160, pomelo, pufferfish, Stribog-256, wpapsk

    1.2 formats have set FMT_8_BIT but all passwords ignore 8th bit

        VNC, crypt

2. FMT_CASE

    2.1 formats have not set FMT_CASE but there is at least one
          password which is case-sensitive

        LM, WoWSRP, mssql, nethalflm, netlm, oracle, sapb, saph

    2.2 formats have set FMT_CASE but all passwords are
          case-insensitive

        OpenVMS


I think some of the problems are really bugs while some are not because
the current technical aspect of self-tests. I think it would be better if
you
or magnum or others can help me to make it clear.


Thanks,

Kai

Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ