Date: Tue, 11 Aug 2015 00:48:55 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags (was: more robustness)

Hi Alexander,

On Fri, Aug 7, 2015 at 2:20 AM, Solar Designer <solar@...nwall.com> wrote:
> Kai,
>
> On Thu, Aug 06, 2015 at 09:09:15PM +0300, Solar Designer wrote:
>> Testing: skein-512, Skein 512 [Skein 32/64]... (32xOMP) FAILED (format:skein-512 have set FMT_8_BIT but all passwords ignore the 8th bit)
>>
>> This is weird.  I think it's a bug in the code, to be found and fixed.
>> Kai, please try to find the bug.
>
> I took a look.  No, it's a bug in lacking proper test vectors, and
> another in your extended test not handling this situation well.  Please
> fix both of these.  That is, please add more test vectors to
> skein_256_tests[] and skein_512_tests[], and please enhance your tests
> to handle this situation reasonably.  Just why is it that when there's
> only one non-empty test vector, which is the string "\xff", your test
> thinks that "all passwords ignore the 8th bit"?  A quick test with
> --stdin shows that the skein-512 format only cracks that hash when I
> feed it "\xff" as input, and does not when I feed it "\x7f".  Perhaps
> your test is buggy in that it doesn't correctly handle test vectors that
> already have 8-bit characters in them?
>
> Alexander

1.  Add more test vectors to skein_256_tests[] and skein_512_tests[]

Not done yet, since I cannot generate skein-256 and skein-512 now.
I will add them when I get the pots or other ways to generate those hashes.

2. Enhance your tests to handle this situation reasonably

This is fixed by:

https://github.com/magnumripper/JohnTheRipper/pull/1640/files

After I rewrote test_fmt_8_bit(), I found a new FMT_8_BIT bug
with tripcode. The old test_fmt_8_bit() only changed the first character
of the password. The new one changes all the characters, by OR with '\x80'
and by AND with '\x7F'.

 static struct fmt_tests tests[] = {
-       {"Rk7VUsDT2U", "simpson"},
+       {"Rk7VUsDT2U", "si\xEDpson"},
        {"3GqYIJ3Obs", "tripcode"},
        {"Id1gMYGA52", "ponytail"},
        {NULL}
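
Review bot: the first vector keeps the hash "Rk7VUsDT2U" but changes its plaintext to "si\xEDpson", which is only a valid pair if the format ignores the 8th bit, so this reads as a probe rather than a change to merge. If an 8-bit vector is wanted in the table, add it as a separate entry with its own hash and keep {"Rk7VUsDT2U", "simpson"} as is; a short comment that \xED is 'm' with the high bit set would help the next reader.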

The self-test result is: FAILED (cmp_all(1)). So tripcode should
set the FMT_8_BIT flag. Does it?


Thanks,

Kai
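
The both-directions probe described in this message (OR with '\x80' and AND with '\x7F' over every character), as an added sketch that is not code from the post or from John the Ripper. It shows why a lone "\xff" vector needs the AND variant to say anything. The `crack_fn` type, the two toy formats and all function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a format: 1 if `cand` cracks the hash of `secret`. */
typedef int (*crack_fn)(const char *cand, const char *secret);

/* Toy 8-bit-clean format: every bit of every byte matters. */
static int crack_8bit(const char *c, const char *s) { return strcmp(c, s) == 0; }

/* Toy 7-bit format: the top bit of each byte is dropped before comparing. */
static int crack_7bit(const char *c, const char *s) {
    for (;; c++, s++) {
        if (!*c || !*s) return *c == *s;   /* both must end together */
        if ((*c ^ *s) & 0x7F) return 0;    /* low 7 bits differ */
    }
}

enum { INCONCLUSIVE = -1, IGNORES_8TH_BIT = 0, HONOURS_8TH_BIT = 1 };

/* Copy `plain` with bit 7 forced on (set != 0) or off (set == 0).
 * Returns 0 when the variant is useless: identical to `plain`, empty,
 * too long, or containing an embedded NUL (0x80 & 0x7F == 0). */
static int make_variant(const char *plain, int set, char *out, size_t cap) {
    size_t n = strlen(plain), i;
    if (n == 0 || n >= cap) return 0;
    for (i = 0; i < n; i++) {
        unsigned char b = (unsigned char)plain[i];
        b = set ? (unsigned char)(b | 0x80) : (unsigned char)(b & 0x7F);
        if (b == 0) return 0;
        out[i] = (char)b;
    }
    out[n] = '\0';
    return strcmp(out, plain) != 0;
}

/* Probe one test vector with both variants. A vector such as "\xff" is
 * unchanged by the OR variant, so only the AND variant is informative. */
static int probe_vector(crack_fn crack, const char *plain) {
    char v[128];
    int informative = 0, set;
    for (set = 1; set >= 0; set--) {
        if (!make_variant(plain, set, v, sizeof v)) continue;
        informative = 1;
        if (!crack(v, plain)) return HONOURS_8TH_BIT; /* variant no longer cracks */
    }
    return informative ? IGNORES_8TH_BIT : INCONCLUSIVE;
}
```

A vector for which neither variant differs from the original (for example the single byte 0x80) returns INCONCLUSIVE rather than being counted as ignoring the 8th bit.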
