Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Mon, 12 Mar 2007 23:47:09 +0100
From: "Alain Espinosa" <alainesp@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: LM an NTLM combination

I can reproduce the bug with the -4 version. Very intersting bug.

In version 5 i agregate this test in function cmp_one:

344     if(b!=t[1])
345        return 0;

This was because i try blocks of passwords and need a more especific test
(cmp_all could return 1 because only 1 password).

Puting this test in the 4 version fixed the bug. Why this occur? I really
dont know.

I think (-4 version) that before enter to cmp_one john need to enter to
cmp_all and checks the same condition that would make this checks (344,345)
innecesary.

But forget about cmp_all. Insert the lines in -4 patch. Eliminate this lines
(344,345) now could make that at least more or equal hashes pass the test of
cmp_one and the bug (if existed) need to be accept password that dont have
the current hash. But what happens its the opposite. And i dont understand
why in 2 pass john find passwords. Maybe Solar, who know the intrinsics of
john, can explain. I dont undestand.

alain

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ