Date: Thu, 6 Aug 2015 16:29:05 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: more robustness

On Mon, Aug 03, 2015 at 04:01:14PM +0800, Kai Zhao wrote:
> On Sun, Jul 5, 2015 at 12:34 AM, Solar Designer <solar@...nwall.com> wrote:
> > So when max_keys_per_crypt is higher than 1, and it usually is, the
> > current self-test would only test one key at a time anyway.  This means
> > that computation for other key indices is left untested.  This is
> > mitigated by testing multiple key indices like that:
> >
> > /* 0 1 2 3 4 6 9 13 19 28 42 63 94 141 211 316 474 711 1066 ... */
> >                 if (index >= 2 && max > ntests)
> >                         index += index >> 1;
> >                 else
> >                         index++;
> >
> > but as you can see this does not result in an exhaustive set of indices,
> > and it is very wasteful (e.g., 712 passwords are hashed, most of them
> > uninitialized, to test only one index 711).
> 
> I may find a bug as you described. It cracks when there is only 1 password,
> but it fails when there is more than 1 password.
> 
> Below is the detailed description.
> 
> 1. Format = Oracle12C

Thank you, Kai!

Per commits, I think this has already been fixed, correct?

In general, when something had been brought to john-dev, please post a
followup in here when the issue is fixed (or just to announce that a
GitHub issue has been created and discussion is proceeding there).  As
it was, your john-dev posting stood like an open issue with no followup.

Alexander
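
The coverage gap described in the quoted text, quantified as an added example (not part of the original message and not John the Ripper's own code). The names `one_pass` and `struct coverage`, the values 1024 and 5, and the loop stopping at `max` are assumptions made here; the cost of `index + 1` hashed keys per tested index follows the 712-for-711 figure quoted above.

```c
#include <stdio.h>

/* Index step quoted in the message above. max and ntests are parameters
 * here; in the quoted fragment they are variables of the enclosing code. */
static int next_index(int index, int max, int ntests)
{
	if (index >= 2 && max > ntests)
		index += index >> 1;
	else
		index++;
	return index;
}

struct coverage {
	int tested;	/* distinct key indices visited in one pass */
	int untested;	/* indices in [0, max) never visited */
	long hashed;	/* keys hashed, assuming index + 1 per visit */
	int last;	/* highest index visited */
};

/* One pass over [0, max). Assumption: the pass ends once index >= max. */
static struct coverage one_pass(int max, int ntests)
{
	struct coverage c = { 0, 0, 0, -1 };
	int index;

	for (index = 0; index < max; index = next_index(index, max, ntests)) {
		c.tested++;
		c.hashed += index + 1;
		c.last = index;
	}
	c.untested = max - c.tested;
	return c;
}

int main(void)
{
	/* Constructed values: 1024 keys per crypt, 5 test vectors. */
	struct coverage c = one_pass(1024, 5);

	printf("tested %d of 1024, untested %d, last %d, hashed %ld\n",
	    c.tested, c.untested, c.last, c.hashed);
	return 0;
}
```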
