Date: Wed, 9 Sep 2015 12:19:43 -0500 From: JimF <jfoug@....net> To: john-dev@...ts.openwall.com Subject: Re: auditing our use of FMT_* flags On 9/8/2015 10:42 AM, Kai Zhao wrote: > Since JimF has add the flag for MediaWiki, PHPS and PHPS2, I think I > should add these formats to whitelist. Maybe also includes > dynamic=md5($p). Should I ? > https://github.com/magnumripper/JohnTheRipper/commit/cc5ae475bad53ca46b9c74a82848bc86c6b9c314 Ok, this certainly did show errors. I had made changes to these formats, adding a 'smarter' split, so that it would allow a 'real' hash to store in the pot file, even though using a thin dynamic. So, media wiki will now write $B$salt$hash... into the .pot file, where before it was writing $dynamic_9$hash$salt- That split was built do output in 2 possible ways, and then a prepare that would fix up to a single unified format. However, this split function was NOT casing properly. I have fixed this. I also added a proper dynamic hash to the array, and this turned up an issue which I have also fixed, in the case detect logic. The older logic only tested the first element, and then made a yes or no based upon that. I have changed so that I test every element. I will end up with a yes, a no, or a 'sometimes' end result, and will print errors listing all cases. I will get these changes in shortly, and then move on the remaining failures. Here is what was listed. NOTE, a new format shows up as 'sometimes', and there likely are others, but they do not auto show up, because we do not have test strings in all layouts that the format's split() can handle. I know I will have to make sure all of the thin formats have both types, since the splits were re-done like they were in media wiki. But there may be other hashes that handle both a canonical and a raw hash (or some other format), which only 'some' of the split() execution path's would properly case, but that have not enough test cases. Jim.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ