Date: Sat, 22 Aug 2015 04:45:42 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: testing every index (Re: more robustness)

Kai,

On Sat, Aug 22, 2015 at 12:37:49AM +0800, Kai Zhao wrote:
> Here is a new patch which supports: all correct, all incorrect, even index
> correct, odd index correct, even hash(i) correct, and odd hash(i) correct.
> 
> https://github.com/loverszhaokai/JohnTheRipper/commit/fb4661e51779c28bb8e2d1a87283a92e172f8025
> 
> Are there any problems?

In addition to the questions/issues I posted separately:

You don't appear to fully test the incorrect password indices.  You only
check cmp_all() for those.  You should be checking cmp_one() and
cmp_exact() as well, just like you do for the correct password indices,
but expecting the opposite result.  You may also check the largest
get_hash().  (False positives are too likely for smaller sizes, but
27-bit should be good enough.)

Why do you exclude the VNC format from the cmp_one() test?  This looks
wrong to me.  I mean this:

if (format->methods.cmp_one(binary, i) && strcmp(format->params.label, "VNC"))

Alexander
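
The checks requested above, sketched as an added example (not code from the patch under review or from John the Ripper). It assumes a hypothetical, simplified `toy_methods` struct, constructed passwords, and FNV-1a as a stand-in hash; odd indices hold the wrong password, and every comparison method must report the opposite result there.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define SLOTS 8
#define MASK27 0x7ffffff                 /* largest get_hash() size: 27 bits */

/* Hypothetical, simplified stand-in for a format's methods (not John's struct fmt_main). */
struct toy_methods {
    int (*cmp_all)(const void *binary, int count);
    int (*cmp_one)(const void *binary, int index);
    int (*cmp_exact)(const char *source, int index);
    int (*get_hash)(int index);
};
static uint32_t crypt_out[SLOTS];        /* computed hash per candidate index */

static uint32_t toy_hash(const char *s)  /* FNV-1a, a toy stand-in for a real hash */
{
    uint32_t h = 2166136261u;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}
static int t_cmp_all(const void *b, int n)
{
    for (int i = 0; i < n; i++) if (crypt_out[i] == *(const uint32_t *)b) return 1;
    return 0;
}
static int t_cmp_one(const void *b, int i) { return crypt_out[i] == *(const uint32_t *)b; }
static int t_cmp_exact(const char *src, int i) { return crypt_out[i] == (uint32_t)strtoul(src, NULL, 16); }
static int t_get_hash(int i) { return crypt_out[i] & MASK27; }
/* Constructed bug: ignores the index, so wrong-password slots also "match". */
static int bad_cmp_one(const void *b, int i) { (void)i; return t_cmp_all(b, SLOTS); }

const struct toy_methods good_fmt = { t_cmp_all, t_cmp_one, t_cmp_exact, t_get_hash };
const struct toy_methods bad_fmt  = { t_cmp_all, bad_cmp_one, t_cmp_exact, t_get_hash };

/* Correct password at even indices, wrong one at odd; returns the number of failed checks. */
int self_test(const struct toy_methods *m, const char *good, const char *wrong)
{
    uint32_t binary = toy_hash(good);
    char source[9];                      /* toy "ciphertext": hex of the hash */
    int fails = 0;
    snprintf(source, sizeof source, "%08x", (unsigned)binary);
    for (int i = 0; i < SLOTS; i++) crypt_out[i] = toy_hash((i & 1) ? wrong : good);
    fails += !m->cmp_all(&binary, SLOTS);
    for (int i = 0; i < SLOTS; i++) {
        int expect = !(i & 1);           /* odd indices must NOT match */
        fails += (!!m->cmp_one(&binary, i) != expect) + (!!m->cmp_exact(source, i) != expect)
               + ((m->get_hash(i) == (int)(binary & MASK27)) != expect);
    }
    return fails;
}
int main(void) { printf("%d\n", self_test(&bad_fmt, "secret1", "secret2")); return 0; }
```

A test that only called `cmp_all()` on the mixed batch would pass `bad_fmt`; the per-index negative checks are what expose it.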
