Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Aug 2015 21:13:01 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

On Mon, Aug 10, 2015 at 5:53 PM, magnum <john.magnum@...hmail.com> wrote:
> On 2015-08-10 11:32, Kai Zhao wrote:
>>
>> On Mon, Aug 10, 2015 at 5:27 PM, magnum <john.magnum@...hmail.com> wrote:
>>>
>>> On 2015-08-10 08:33, Kai Zhao wrote:
>>>>
>>>> 2. There is only one test vector for Stribog-512 and the password is an
>>>> empty string. Since the Stribog-256 should set FMT_8_BIT, I wonder
>>>> the Stribog-512 maybe should set too.
>>>
>>>
>>>
>>> Yes, I presume it should. We also have to create/find more test vectors
>>> or
>>> bugs will go undetected.
>>>
>>
>> How to add more test vector ? Is there any document ?
>
>
> If there are test vectors in whatever reference (eg. RFC) defines the
> format, we should use them if applicable.
>
> If not, try to google some stribog hashes, or as a last restort just create
> them using other means. We have pass_gen.pl for creating lots of hashes but
> it doesn't support stribog. If possible, it should be added.

I add a new test vector for stribog-512 and it does not ignore the 8th bit,
so I add the FMT_8_BIT flag.

https://github.com/magnumripper/JohnTheRipper/pull/1636/files

Can we get the past contest pots ? I think we can find more test vectors
by the contest pots.

>> Should I create an issue : "Create more test vectors" ?
>
>
> That might be a good idea. Actually there are a lot of formats that lack
> appropriate test vectors. All formats should test its own max. length, a
> null string (if applicable) and other random words of various length. 8-bit
> formats should also have some 8-bit test vector.
>

Just created.

https://github.com/magnumripper/JohnTheRipper/issues/1637

I think it would be better if john gives warning messages if the number
of test vectors is less than 2 when using --test-full. Such as,

"WARNING: this format has less test vectors, please add more"


Thanks,

Kai

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ