Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Aug 2015 09:48:08 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: The cmp_all() of cq

Hi Alexander,

On Sat, Aug 22, 2015 at 9:16 AM, Solar Designer <solar@...nwall.com> wrote:
> Kai,
>
> Please improve upon your e-mail quoting.  You should be quoting just the
> relevant context - not more, not less.

OK. I will have this in mind. Thanks.

> On testing cmp_all():
>
> On Sat, Aug 22, 2015 at 09:00:42AM +0800, Kai Zhao wrote:
>
>> Yes. There is really false positive. But I only found one that is openssl-enc.
>
> openssl-enc may have full-blown false positives, not just at cmp_all()
> level.  It has FMT_NOT_EXACT set to indicate that those are expected.
>
> I am surprised you haven't found more false positives at just that
> cmp_all() level.

I think I did not find more false positives because the wrong passwords
are those:

31337313
31337313
31337313
31337313
31337313

or

80808080\200""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
80808080\200####################################################################################################################
80808080\200$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
80808080\200%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
80808080\200&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
80808080\200''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

The wrong passwords are really rarely used.

> I think these four lines:
>
> #ifdef _OPENMP
> #pragma omp atomic
> #endif
>                         any_cracked |= 1;
>
> should be moved up to before the closing curly brace, to have them
> inside the "if (verify_decrypted_buffer(..." conditional block.
>
> Please fix it and submit a pull request.

Created.

https://github.com/magnumripper/JohnTheRipper/pull/1700


Thanks,

Kai

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ