Date: Thu, 6 Aug 2015 22:03:28 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: more robustness

Hi Alexander,

On Thu, Aug 6, 2015 at 9:29 PM, Solar Designer <solar@...nwall.com> wrote:
> On Mon, Aug 03, 2015 at 04:01:14PM +0800, Kai Zhao wrote:
>> On Sun, Jul 5, 2015 at 12:34 AM, Solar Designer <solar@...nwall.com> wrote:
>> > So when max_keys_per_crypt is higher than 1, and it usually is, the
>> > current self-test would only test one key at a time anyway.  This means
>> > that computation for other key indices is left untested.  This is
>> > mitigated by testing multiple key indices like that:
>> >
>> > /* 0 1 2 3 4 6 9 13 19 28 42 63 94 141 211 316 474 711 1066 ... */
>> >                 if (index >= 2 && max > ntests)
>> >                         index += index >> 1;
>> >                 else
>> >                         index++;
>> >
>> > but as you can see this does not result in an exhaustive set of indices,
>> > and it is very wasteful (e.g., 712 passwords are hashed, most of them
>> > uninitialized, to test only one index 711).
>>
>> I may have found a bug as you described. It cracks when there is only 1 password,
>> but it fails when there is more than 1 password.
>>
>> Below is the detailed description.
>>
>> 1. Format = Oracle12C
>
> Thank you, Kai!
>
> Per commits, I think this has already been fixed, correct?
>

magnum has fixed this problem.

https://github.com/magnumripper/JohnTheRipper/commit/3872820a963e99841d0ccdb682e1ca48b56094ef


Thanks,

Kai
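
The index progression quoted above, as an added example that is not part of the original message or of John the Ripper's code: it walks the indices the quoted snippet would visit and reports how few of them are tested and how many hashes that costs. The function names, the loop bound (index < max, with max standing for max_keys_per_crypt) and the cost of index + 1 hashes per tested index (taken from the "712 passwords are hashed ... to test only one index 711" remark) are assumptions.

```c
#include <stdio.h>

/* Advance the key index exactly as in the quoted snippet. */
static int next_index(int index, int max, int ntests)
{
	if (index >= 2 && max > ntests)
		index += index >> 1;
	else
		index++;
	return index;
}

/*
 * Assumed model: the self-test visits every index below max that the
 * progression produces, and testing index i means hashing i + 1 keys.
 * Returns the number of indices tested; *hashed gets the total keys hashed.
 */
static int coverage(int max, int ntests, long *hashed)
{
	int index, tested = 0;

	*hashed = 0;
	for (index = 0; index < max; index = next_index(index, max, ntests)) {
		tested++;
		*hashed += index + 1;
	}
	return tested;
}

int main(void)
{
	/* Constructed sample values, not taken from any real format. */
	int max = 1024, ntests = 10;
	long hashed;
	int tested = coverage(max, ntests, &hashed);

	printf("max=%d: %d of %d indices tested, %ld keys hashed\n",
	       max, tested, max, hashed);
	printf("untested indices: %d\n", max - tested);
	return 0;
}
```
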
