Date: Mon, 17 Aug 2015 18:10:52 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: testing every index (Re: more robustness)

Hi Alexander,

On Sun, Aug 16, 2015 at 10:16 PM, Solar Designer <solar@...nwall.com> wrote:
> Kai,
>
> On Sun, Aug 16, 2015 at 09:04:26AM +0800, Kai Zhao wrote:
>> On Sun, Aug 16, 2015 at 12:33 AM, Solar Designer <solar@...nwall.com> wrote:
>> > Have you since implemented testing of every index (in the range of 0 to
>> > max_keys_per_crypt) when running with --test-full?  Where is it in code?
>> >
>> > I recall us finding one bug in this way, but I don't see it in code.
>>
>> Yes, we did. The code is in formats.c:: 1196~1211
>> First, set (max - 1) keys by longcand, then set the last key, which is the
>> right key.
>
> That's not what I had meant.  It's not testing every index - it's
> testing the last index only, and only with a correct password in it.
>
> Looks like nothing has been done on the original task, and you have yet
> to take care of it.
>
> We need to test that in every index a correct password is detected as
> such, and an incorrect password is detected as such as well.  To speed
> this up and to mimic actual cracking, you should set and test passwords
> in all indices at once.  In order to test every index in both ways, you
> will need to invoke crypt_all() at least twice.  If you do it exactly
> twice, then you need to invert the selection of which indices hold
> correct vs. incorrect passwords between the two crypt_all() calls.
>
> Will you implement this soon, please?
>

I tried to implement this in the following patch:

https://github.com/loverszhaokai/JohnTheRipper/commit/794f5ffa998b122e9457c566ee8860d456fe01af

There are check_all_even_index() and check_all_odd_index().
I set the correct password in all the even indices in check_all_even_index().

        for (i = 0; i < max; i++) {
                if (i % 2 == 0)
                        key = plaintext;
                else
                        key = longcand(format, i, ml);
                fmt_set_key(key, i);
        }

And then check all the even indices with cmp_one() in check_all_index():

        for (i = 0; i < max; i++)
                if ((is_even && i % 2 == 0) ||
                    (!is_even && i % 2 == 1)) {
                        if (!format->methods.cmp_one(binary, i)) {
                                snprintf(err_buf, sizeof(err_buf),
                                        "cmp_one(%d) failed", i);
                                return err_buf;
                        }
                }


Is this what you mean by testing every index?


Thanks,

Kai
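
The two-pass check described in the quoted request above (every index tested with a correct and with an incorrect password, selection inverted between two crypt_all() calls), as an added example that is not part of the original message and is not John the Ripper code. The toy hash, the `skip_index` and `always_match` fault switches and the `check_wrong` flag are hypothetical names made up for this sketch.

```c
#include <stdio.h>
#include <string.h>
#define MAX_KEYS 8   /* stands in for max_keys_per_crypt */
#define KEY_LEN  32
/* Toy format, hypothetical: the "hash" is a 31-multiplier byte hash. */
static char keys[MAX_KEYS][KEY_LEN];
static unsigned out[MAX_KEYS];
static int skip_index = -1;   /* simulated bug: crypt_all() never computes this slot */
static int always_match = -1; /* simulated bug: cmp_one() always matches at this slot */

static unsigned toy_hash(const char *s) {
    unsigned h = 0;
    while (*s) h = h * 31 + (unsigned char)*s++;
    return h;
}
static void set_key(const char *key, int i) { snprintf(keys[i], KEY_LEN, "%s", key); }
static void crypt_all(int count) {
    for (int i = 0; i < count; i++)
        if (i != skip_index) out[i] = toy_hash(keys[i]);
}
static int cmp_one(unsigned binary, int i) { return i == always_match || out[i] == binary; }

/* One pass: correct password where i % 2 == parity, a wrong one elsewhere. Returns the
 * first index with an unexpected cmp_one() result, or -1. check_wrong == 0 verifies only
 * the slots holding the correct password. */
static int check_pass(const char *plaintext, int parity, int check_wrong) {
    unsigned binary = toy_hash(plaintext);
    char wrong[KEY_LEN];
    for (int i = 0; i < MAX_KEYS; i++) {
        snprintf(wrong, sizeof(wrong), "wrong%d", i);
        set_key(i % 2 == parity ? plaintext : wrong, i);
    }
    crypt_all(MAX_KEYS);
    for (int i = 0; i < MAX_KEYS; i++) {
        int expect = (i % 2 == parity);
        if ((expect || check_wrong) && cmp_one(binary, i) != expect) return i;
    }
    return -1;
}
/* Two crypt_all() calls with the correct/incorrect selection inverted between them. */
static int test_every_index(const char *plaintext, int check_wrong) {
    memset(out, 0, sizeof(out));
    int bad = check_pass(plaintext, 0, check_wrong);
    return bad >= 0 ? bad : check_pass(plaintext, 1, check_wrong);
}
int main(void) {
    always_match = 4; /* constructed fault: slot 4 reports a match for any key */
    printf("both ways: %d, correct only: %d\n",
           test_every_index("password", 1), test_every_index("password", 0));
    return 0;
}
```

A slot that is never computed is caught either way, while a slot that matches any key is reported only when the incorrect-password slots are compared as well.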
