Date: Mon, 10 Aug 2015 14:33:26 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags (was: more robustness)

Hi Alexander, magnum,

On Fri, Aug 7, 2015 at 2:09 AM, Solar Designer <solar@...nwall.com> wrote:
> On Tue, Aug 04, 2015 at 08:57:29AM +0800, Kai Zhao wrote:
>> 1. FMT_8_BIT
>>
>>     1.1 formats have not set FMT_8_BIT but there is at least one
>>           password which does not ignore the 8th bit
>>
>>         bsdicrypt, has-160, pomelo, pufferfish, Stribog-256, wpapsk
>
> I've just fixed bsdicrypt's code.  The rest should have the flag set.
> Kai, you may commit that change.
>
>>     1.2 formats have set FMT_8_BIT but all passwords ignore 8th bit
>>
>>         VNC, crypt
>
> Looks like VNC's bit_flip[] table is such that it in fact ignores the
> 8th bit.  Kai, please re-format the table in vnc_fmt_plug.c to keep 8
> values per line, so that its symmetry is easily seen.  Once confirmed,
> please drop the FMT_8_BIT flag.
>
> For crypt, this is on purpose, and no change is needed.  It "can't"
> reliably know if the underlying system's crypt() is 8-bit or not, and in
> fact this will vary by actual hash type, of which multiple ones may be
> loaded at once (with that one format).  The default test vectors are
> such that they're 7-bit, hence the "spurious" problem detection by the
> extended test.
>

I sent a patch which fixes some FMT_8_BIT errors.

https://github.com/magnumripper/JohnTheRipper/pull/1634

The patch contains:

1. Add FMT_8_BIT: has-160, pomelo, pufferfish, Stribog-256
2. Remove FMT_8_BIT: VNC
3. Do not check FMT_8_BIT of crypt

I think VNC does ignore the 8th bit, since I changed all the passwords
of the VNC test vectors to OR '\x80', and the self-test result is "PASS".

Here are two questions:

1. Should wpapsk set FMT_8_BIT?

2. There is only one test vector for Stribog-512 and the password is an
empty string. Since Stribog-256 should set FMT_8_BIT, I wonder
whether Stribog-512 should maybe set it too.

Thanks,

Kai
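
Why the VNC self-test still passes with '\x80' set in every password byte, as an added example that is not part of the original message or of John the Ripper's code: it assumes the standard VNC key preparation (password truncated or NUL-padded to 8 bytes, each byte bit-reversed) and the fact that DES never uses the low bit of a key byte. The function names are hypothetical, and the bit reversal is computed here rather than taken from the bit_flip[] table in vnc_fmt_plug.c.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reverse the bit order of one byte, as VNC does to each DES key byte. */
static uint8_t reverse_bits(uint8_t b)
{
	uint8_t r = 0;
	for (int i = 0; i < 8; i++)
		if (b & (1u << i))
			r |= (uint8_t)(0x80u >> i);
	return r;
}

/* Derive the 8 key bytes from a password whose characters are XORed with
 * 'flip' (padding NULs are left alone), then clear the low bit of each
 * byte: DES treats it as parity and never feeds it into the key schedule. */
static void vnc_effective_key(const char *pw, uint8_t flip, uint8_t key[8])
{
	size_t len = strlen(pw);
	for (size_t i = 0; i < 8; i++) {
		uint8_t c = i < len ? (uint8_t)((uint8_t)pw[i] ^ flip) : 0;
		key[i] = (uint8_t)(reverse_bits(c) & 0xFEu);
	}
}

/* Return 1 if flipping the bits in 'flip' in every password character
 * changes the key material DES actually uses, 0 if it does not. */
static int key_changes(const char *pw, uint8_t flip)
{
	uint8_t a[8], b[8];
	vnc_effective_key(pw, 0x00, a);
	vnc_effective_key(pw, flip, b);
	return memcmp(a, b, sizeof(a)) != 0;
}

int main(void)
{
	const char *pw = "password"; /* constructed sample input */
	/* Bit 7 lands on the parity position after reversal, so it is lost. */
	printf("flip 0x80 changes key: %d\n", key_changes(pw, 0x80));
	/* Bit 0 lands on the top key bit, so it matters. */
	printf("flip 0x01 changes key: %d\n", key_changes(pw, 0x01));
	return 0;
}
```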
