Date: Sat, 22 Aug 2015 04:34:53 +0300
From: Solar Designer <>
Subject: Re: testing every index (Re: more robustness)


On Sat, Aug 22, 2015 at 12:37:49AM +0800, Kai Zhao wrote:
> Here is a new patch which supports: all correct, all incorrect, even index
> correct, odd index correct, even hash(i) correct, and odd hash(i) correct.
> Are there any problems?

This looks much better to me.  I haven't reviewed it thoroughly (and I
don't intend to), but here are a few issues I noticed:

There's no such thing as "Current max max_keys_per_crypt".  I guess you
meant for the current version of JtR, but no, that's not how it works.
max_keys_per_crypt is adjusted dynamically by many formats' init(), and
how it's adjusted depends on things such as OpenMP thread count and
OpenCL GWS tuning.  Your current 33554432, while extremely high, might
in fact not be enough for current JtR on some hardware.

Also, you used a static array for this.  This grows the .bss
unnecessarily.  Please use dynamic memory allocation for the actual
max_keys_per_crypt instead.  If you don't want to allocate/free for each
format, you may use realloc() to a higher size whenever a next format
has a higher max_keys_per_crypt than the previously seen maximum (in the
formats tested up to that point).

For the correct password, you're still setting just one password for all
indices.  You should instead use all passwords from the test vectors,
then compare each computed hash against the one expected for the test
vector that you used for that index.

The above means that your Boolean correct_key[] is better changed to an
array of pointers (pointing to the test vector hashes, or NULL if not
correct) or integers (storing test vector numbers, or e.g. -1 if not

Please make the above enhancements.

Meanwhile, have these tests uncovered any bugs?
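
The two suggestions in the message above (a buffer grown with realloc() to the highest max_keys_per_crypt seen so far, and one integer per index recording which test vector was used, or -1) shown together as an added example. It is not code from the patch or from JtR: the struct, the toy hash and all function names are constructed for illustration, and hashing is done per index rather than in a batch.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins, not JtR structures: a test vector and a toy hash. */
struct tv { const char *key; uint32_t hash; };

static uint32_t toy_hash(const char *s) {           /* FNV-1a, 32-bit */
    uint32_t h = 2166136261u;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

static int *expected;        /* per index: test vector number, or -1 if wrong key */
static size_t expected_cap;  /* highest max_keys_per_crypt seen so far */

/* Grow only when a format needs more than any earlier one; 0 on success. */
static int reserve_expected(size_t max_keys_per_crypt) {
    int *p;
    if (max_keys_per_crypt <= expected_cap) return 0;
    if (max_keys_per_crypt > SIZE_MAX / sizeof(*expected)) return -1;
    p = realloc(expected, max_keys_per_crypt * sizeof(*expected));
    if (!p) return -1;       /* the old buffer is still valid and still owned */
    expected = p;
    expected_cap = max_keys_per_crypt;
    return 0;
}

/* "Even index correct" mode: even indices cycle through all test vectors,
 * odd indices get a wrong key. Returns how many indices misbehaved. */
static size_t test_even_correct(const struct tv *tests, size_t ntests, size_t count) {
    size_t i, j, bad = 0;
    if (ntests == 0 || reserve_expected(count)) return (size_t)-1;
    for (i = 0; i < count; i++)      /* plan: which vector, if any, index i uses */
        expected[i] = (i % 2 == 0) ? (int)((i / 2) % ntests) : -1;
    for (i = 0; i < count; i++) {
        int e = expected[i];
        uint32_t h = toy_hash(e >= 0 ? tests[e].key : "constructed wrong key");
        if (e >= 0) {
            bad += (h != tests[e].hash);   /* must match its own vector */
        } else {
            for (j = 0; j < ntests; j++)   /* must match no vector at all */
                if (h == tests[j].hash) { bad++; break; }
        }
    }
    return bad;
}
```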


