Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Tue, 13 Mar 2007 02:37:31 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: New NT patch

Alain,

On Mon, Mar 12, 2007 at 11:51:43PM +0100, Alain Espinosa wrote:
> On 3/10/07, Solar Designer <solar@...nwall.com> wrote:
> >
> >I took the liberty to release (in contrib/ and linked from the web page)
> >a "revision 5.1" instead.  This is essentially your -5 without SSE2 code
> >(since you've mentioned that it has a nasty known bug) and with split()
> >added to address the problem pointed out by Frank (it did apply - I have
> >a test case).
> 
> What means "with split() added to address the problem pointed out by Frank
> (it did apply - I have a test case). " ???

It means that I've added a new function named split() to your code in
revision 5.1 - please download it and see for yourself.  I am assuming
that you will integrate this in your revision 6.  To test for the
problem with your revision 5 and see how it is resolved in 5.1, please
use pw-lm-ntlm-mixedcase.gz (a file that I've provided to you privately).

The problem is described here:

	http://www.openwall.com/lists/john-users/2007/03/07/7
	http://www.openwall.com/lists/john-users/2005/12/17/2

Also relevant is this comment on split() in src/formats.h:

 * For hex-encoded hashes which are compared by the target system/application
 * irrespective of the case of characters (upper/lower/mixed) used in their
 * encoding, split() must unify the case (e.g., convert to all-lowercase)
 * and FMT_SPLIT_UNIFIES_CASE must be set. */

Oh, I forgot to add FMT_SPLIT_UNIFIES_CASE - please add it and test with
pw-lm-ntlm-mixedcase.gz again.  This should only affect the --show option,
which I neglected to test with pw-lm-ntlm-mixedcase.gz for revision 5.1.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ