Date: Sun, 25 Mar 2007 06:55:48 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: New MSCASH patch Alain, On Tue, Mar 20, 2007 at 07:28:55PM +0100, Alain Espinosa wrote: > Revision #3 > > -fixed same bug that NTLM patch > -now passwords are try in blocks of lenght of 64 Great. > -diff of src directory, same that NTLM patch This is not great. It means that people have to figure out and/or remember to apply different patches in different ways. Please generate your next revision of the patch as follows: TZ=UTC diff -urpN john-1.7.2.orig john-1.7.2-mscash-alainesp-4 > john-1.7.2-mscash-alainesp-4.diff I did it similarly for john-1.7.2-ntlm-alainesp-6.1.diff. If you prefer, you can keep the patched directory name just john-1.7.2. What matters is that the patch may be applied with "patch -p1" while inside the top level john-1.7.2 (or john-whateverversion) directory. > I dont think this patch have the same problem with split because login are > part of the hash. Unfortunately, the patch does have this same problem because it also uses hex-encoded hashes and will accept either case in the encoding. As soon as some cachedump-like tool uses another case for the encoding and hashes dumped with different tools get loaded into JtR at once, the problem might manifest itself. To fix it, you need either split() and FMT_SPLIT_UNIFIES_CASE, or you may have valid() only accept lowercase characters in the hexadecimal part (as long as this works with all current cachedump-like tools, which might not be the case). Yes, I am assuming that duplicate login names are possible. This happens, for example, when password files from multiple systems get loaded for cracking at once. It is not too unlikely that passwords of same-login users would be the same, too. Thanks, -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ