Date: Sun, 16 Aug 2015 09:04:26 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: testing every index (Re: more robustness)

Hi Alexander,

On Sun, Aug 16, 2015 at 12:33 AM, Solar Designer <solar@...nwall.com> wrote:
> Kai,
>
> On Sat, Jul 04, 2015 at 07:34:55PM +0300, Solar Designer wrote:
>> On Sat, Jul 04, 2015 at 10:17:21PM +0800, Kai Zhao wrote:
>> > Currently --test already mimics actual cracking except it only contains
>> > correct passwords.
>>
>> No, that's not the only aspect in which it differs from actual cracking.
>> As I wrote above, "--test performs only very basic testing, hashing one
>> password at a time (albeit in different key indices)".
>>
>> So when max_keys_per_crypt is higher than 1, and it usually is, the
>> current self-test would only test one key at a time anyway.  This means
>> that computation for other key indices is left untested.  This is
>> mitigated by testing multiple key indices like that:
>>
>> /* 0 1 2 3 4 6 9 13 19 28 42 63 94 141 211 316 474 711 1066 ... */
>>                 if (index >= 2 && max > ntests)
>>                         index += index >> 1;
>>                 else
>>                         index++;
>>
>> but as you can see this does not result in an exhaustive set of indices,
>> and it is very wasteful (e.g., 712 passwords are hashed, most of them
>> uninitialized, to test only one index 711).
>
> Have you since implemented testing of every index (in the range of 0 to
> max_keys_per_crypt) when running with --test-full?  Where is it in code?
>
> I recall us finding one bug in this way, but I don't see it in code.
>

Yes, we did. The code is in formats.c:: 1196~1211
First, set (max - 1) keys by longcand, then set the last key, which is the
right key.

static char *fmt_self_test_full_body(struct fmt_main *format,
    void *binary_copy, void *salt_copy, struct db_main *db)
{
                ...
                format->methods.clear_keys();
                format->methods.set_salt(salt);
                for (i = 0; i < max - 1; i++) {
                        char *pCand = longcand(format, i, ml);
                        fmt_set_key(pCand, i);
                }
                fmt_set_key(current->plaintext, max - 1);

#if !defined(BENCH_BUILD) && (defined(HAVE_OPENCL) || defined(HAVE_CUDA))
                advance_cursor();
#endif

                ret = is_key_right(format, max - 1, binary,
                        ciphertext, plaintext, 0);
                if (ret)
                        return ret;
                format->methods.clear_keys();
                ...
}


Thanks,

Kai
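
Added example, not part of the original message and not John the Ripper code: a small C model of the index progression quoted above, showing how few key indices the sparse self-test reaches and how many keys it hashes to do so. The helper names (next_index, sparse_coverage, sparse_hits) and the values max = 1024 and ntests = 10 are assumptions made for illustration; the walk simply stops at max, and each test of index i is counted as hashing i + 1 keys, as the thread states for index 711.

```c
#include <stdio.h>

/* Next key index, following the step rule quoted in the thread. */
static int next_index(int index, int max, int ntests)
{
	if (index >= 2 && max > ntests)
		return index + (index >> 1);
	return index + 1;
}

/*
 * Walk the progression over 0..max-1. Returns how many distinct indices get
 * tested; *hashed receives the keys hashed, assuming (as the thread says)
 * that testing index i hashes i + 1 keys.
 */
static int sparse_coverage(int max, int ntests, long *hashed)
{
	int index, tested = 0;

	*hashed = 0;
	for (index = 0; index < max; index = next_index(index, max, ntests)) {
		tested++;
		*hashed += index + 1;
	}
	return tested;
}

/* Would a defect confined to key index `bad` be exercised at all? */
static int sparse_hits(int max, int ntests, int bad)
{
	int index;

	for (index = 0; index < max; index = next_index(index, max, ntests))
		if (index == bad)
			return 1;
	return 0;
}

int main(void)
{
	long hashed;
	int max = 1024, ntests = 10; /* constructed sample values */
	int tested = sparse_coverage(max, ntests, &hashed);

	printf("sparse: %d of %d indices, %ld keys hashed\n", tested, max, hashed);
	printf("index 711 tested: %d, index 712 tested: %d\n",
	    sparse_hits(max, ntests, 711), sparse_hits(max, ntests, 712));
	return 0;
}
```

With these sample values a defect confined to index 712 is never exercised, while a format whose max does not exceed ntests is stepped one index at a time and covered fully.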
