Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Aug 2015 00:37:49 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: testing every index (Re: more robustness)

Hi Alexander,

On Mon, Aug 17, 2015 at 9:52 PM, Solar Designer <solar@...nwall.com> wrote:
> Kai,
>
> On Mon, Aug 17, 2015 at 08:43:42PM +0800, Kai Zhao wrote:
>> What do you mean by "make use of all test vectors at once
>> rather than use just one plaintext for all expected-correct indices."
>> For example,
>>
>> LM.fmt.c
>>
>> static struct fmt_tests tests[] = {
>>         {"$LM$a9c604d244c4e99d", "AAAAAA"},
>>         {"$LM$cbc501a4d2227783", "AAAAAAA"},
>>         {"$LM$3466c2b0487fe39a", "CRACKPO"},
>>         {"$LM$dbc5e5cba8028091", "IMPUNIT"},
>>         {LM_EMPTY LM_EMPTY, ""},
>>         {"$LM$73cc402bd3e79175", "SCLEROS"},
>>         {"$LM$5ecd9236d21095ce", "YOKOHAM"},
>>         {"$LM$A5E6066DE61C3E35", "ZZZZZZZ"}, /* uppercase encoding */
>>         {"$LM$1FB363feB834C12D", "ZZZZZZ"}, /* mixed case encoding */
>>         {NULL}
>> };
>>
>> Now we are cracking the "$LM$a9c604d244c4e99d", and the correct
>> password is "AAAAAA".
>>
>> The current array of keys which set correct passwords on the even
>> index is:
>>
>> [0] = "AAAAAA"
>> [1] = "wrong password"
>> [2] = "AAAAAA"
>> [3] = "wrong password"
>> ...
>>
>> To make use of all the test vectors, do you mean the array should be
>> the following ?
>>
>> [0] = "AAAAAA"
>> [1] = "AAAAAAA"
>> [2] = "CRACKPO"
>> [3] = "IMPUNIT"
>> ...
>
> No.  I still want to have us test handling of incorrect passwords at the
> same time as well.  So it's more like:
>
> [0] = "AAAAAA"
> [1] = "wrong password"
> [2] = "AAAAAAA"
> [3] = "wrong password"
> [4] = "CRACKPO"
> [5] = "wrong password"
> [6] = "IMPUNIT"
> [7] = "wrong password"
> ...
>
> And as I had mentioned, testing of other correct/incorrect patterns is
> also good.  Maybe you could add separate testing with all-correct and
> all-incorrect passwords as well, just to make sure these extreme cases
> work as well.  So this would be 6 crypt_all() invocations, then - two
> for even/odd i, two for even/odd h(i), and two for all-correct (like you
> suggested above) and all-incorrect.

Here is a new patch which supports: all correct, all incorrect, even index
correct, odd index correct, even hash(i) correct, and odd hash(i) correct.

https://github.com/loverszhaokai/JohnTheRipper/commit/fb4661e51779c28bb8e2d1a87283a92e172f8025

Is there any problems ?

Thanks,

Kai

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.