Date: Mon, 7 Sep 2015 10:23:13 -0500
From: JimF <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: FormSpring valid()

Btw, magnum made a recent improvement to pass_gen that makes it 
wonderful for building test strings (the -vector switch).  This was made 
possible when I recently made a unified output function.  Since every 
format (well almost every format) in pass_gen passes through that single 
outputting function, switching over to a format test string compatible 
method was simple and really (REALLY) makes a lot of sense for someone 
working at improving format test cases.

$ echo -n test | run/pass_gen.pl formspring -vectors
{"d877b586b98d5472db77d3e821babdfdab24b987220667cd680325f6be04cdf4$99", "test"},

So it is already prepped and ready to drop right in a format file.

On 9/7/2015 10:08 AM, JimF wrote:
>
>
> On 9/7/2015 8:27 AM, Kai Zhao wrote:
>> Hi Alexander,
>>
>> On Mon, Sep 7, 2015 at 1:28 AM, Solar Designer <solar@...nwall.com> wrote:
>>> Kai - how did you obtain the test vectors that you added to
>>> formspring_fmt_plug.c in 101bed96efba9509f5f60447a342a00024bba17e?
>>> Specifically, where did their salts come from?  Why are they of 8 hex
>>> digits whereas the existing test vectors used two-char salts?
>> In dynamic_preloads.c::121
>>
>> //dynamic_60 -->sha256($p)
>>
>> So I can generate test vectors by:
>>
>> $ ./john --test=0 --format='dynamic=sha256($s.$p),debug'
> If you change your command to this:
>
> $ ./john --test=0 --format='dynamic=sha256($s.$p),saltlen=2,debug'
>
> It would give proper 2 byte salts for you.
>
> Also:
>
> $ echo -n test | run/pass_gen.pl formspring
> #!comment: Built with pass_gen.pl using RAW mode, 0 to 128 characters dict file=stdin
>
>   ** Here are the hashes for format formspring **
> u0:0f435d79d56ae33430041d2e1b2892cb13f2e346ab8d9a79febf2d9c695672b6$72:0:0:test: 
>
>
> Also works.  pass_gen.pl was built to provide workable hashes for most 
> of john's formats. It does a pretty decent job. It even contains a 
> dynamic 'expression building' (the logic from it actually was used to 
> make the @dynamic=@ format in john).  It really should be looked at as 
> a first source of obtaining new hashes.
>
>
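
A checker for the test-vector shape discussed in this thread, added here as an illustration and not taken from John the Ripper or pass_gen.pl. It assumes the `hash$salt` layout with a 2-character salt and the sha256($s.$p) expression quoted above; the function names and sample vectors are constructed.

```python
import hashlib
import re

# Assumed layout, taken from the thread: 64 hex digits, '$', then a 2-character salt.
VECTOR_RE = re.compile(r'^\{"([0-9a-fA-F]{64})\$([^"]*)",\s*"([^"]*)"\},?$')
SALT_LEN = 2


def formspring_hash(salt: str, password: str) -> str:
    """sha256($s.$p), the dynamic expression quoted in the thread."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def make_vector(salt: str, password: str) -> str:
    """Build a line in the shape printed by the -vectors switch."""
    return '{"%s$%s", "%s"},' % (formspring_hash(salt, password), salt, password)


def check_vector(line: str) -> list:
    """Return a list of problems found in one test-vector line (empty = OK)."""
    m = VECTOR_RE.match(line.strip())
    if not m:
        return ["not a 64-hex-digit hash followed by $salt and a plaintext"]
    digest, salt, password = m.groups()
    problems = []
    if len(salt) != SALT_LEN:
        problems.append("salt %r has %d chars, expected %d" % (salt, len(salt), SALT_LEN))
    if formspring_hash(salt, password) != digest.lower():
        problems.append("hash does not match sha256(salt.password)")
    return problems


# Constructed sample input (not from the thread).
SAMPLES = [
    make_vector("42", "openwall"),        # well-formed
    make_vector("1a2b3c4d", "openwall"),  # 8-hex-digit salt, the case questioned above
    make_vector("42", "openwall").replace("openwall", "0penwall"),  # wrong plaintext
    '{"abc$42", "openwall"},',            # truncated hash
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[:24] + "...", check_vector(s) or "ok")
```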
