Date: Wed, 12 Aug 2015 00:18:13 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags (was: more robustness)

On Tue, Aug 11, 2015 at 12:48 AM, Kai Zhao <loverszhao@...il.com> wrote:
> Hi Alexander,
>
> On Fri, Aug 7, 2015 at 2:20 AM, Solar Designer <solar@...nwall.com> wrote:
>> Kai,
>>
>> On Thu, Aug 06, 2015 at 09:09:15PM +0300, Solar Designer wrote:
>>> Testing: skein-512, Skein 512 [Skein 32/64]... (32xOMP) FAILED (format:skein-512 have set FMT_8_BIT but all passwords ignore the 8th bit)
>>>
>>> This is weird.  I think it's a bug in the code, to be found and fixed.
>>> Kai, please try to find the bug.
>>
>> I took a look.  No, it's a bug in lacking proper test vectors, and
>> another in your extended test not handling this situation well.  Please
>> fix both of these.  That is, please add more test vectors to
>> skein_256_tests[] and skein_512_tests[], and please enhance your tests
>> to handle this situation reasonably.  Just why is it that when there's
>> only one non-empty test vector, which is the string "\xff", your test
>> thinks that "all passwords ignore the 8th bit"?  A quick test with
>> --stdin shows that the skein-512 format only cracks that hash when I
>> feed it "\xff" as input, and does not when I feed it "\x7f".  Perhaps
>> your test is buggy in that it doesn't correctly handle test vectors that
>> already have 8-bit characters in them?
>>
>> Alexander
>
> 1.  Add more test vectors to skein_256_tests[] and skein_512_tests[]
>
> Not done yet, since I cannot generate skein-256 and skein-512 now.
> I will add them when I get the pots or other ways to generate those hashes.
>

Finished: Add more test vectors to skein_256 and skein_512.

https://github.com/magnumripper/JohnTheRipper/pull/1649/files

Thanks to the help from JimF and Frank.

Thanks,

Kai
