Date: Sun, 25 Mar 2007 06:55:48 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: New MSCASH patch

Alain,

On Tue, Mar 20, 2007 at 07:28:55PM +0100, Alain Espinosa wrote:
> Revision #3
> 
> -fixed same bug as NTLM patch
> -now passwords are tried in blocks of length 64

Great.

> -diff of src directory, same as NTLM patch

This is not great.  It means that people have to figure out and/or
remember to apply different patches in different ways.  Please generate
your next revision of the patch as follows:

TZ=UTC diff -urpN john-1.7.2.orig john-1.7.2-mscash-alainesp-4 > john-1.7.2-mscash-alainesp-4.diff

I did it similarly for john-1.7.2-ntlm-alainesp-6.1.diff.

If you prefer, you can keep the patched directory name just john-1.7.2.
What matters is that the patch may be applied with "patch -p1" while
inside the top level john-1.7.2 (or john-whateverversion) directory.

> I don't think this patch has the same problem with split because logins are
> part of the hash.

Unfortunately, the patch does have this same problem because it also
uses hex-encoded hashes and will accept either case in the encoding.  As
soon as some cachedump-like tool uses another case for the encoding and
hashes dumped with different tools get loaded into JtR at once, the
problem might manifest itself.  To fix it, you need either split() and
FMT_SPLIT_UNIFIES_CASE, or you may have valid() only accept lowercase
characters in the hexadecimal part (as long as this works with all
current cachedump-like tools, which might not be the case).

Yes, I am assuming that duplicate login names are possible.  This
happens, for example, when password files from multiple systems get
loaded for cracking at once.  It is not too unlikely that passwords of
same-login users would be the same, too.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments
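
The case problem described in the message above, as an added example that is
not code from the patch or from John the Ripper: a split()-style routine that
lowercases only the hex part, so the same hash dumped in either case compares
equal. The "M$login#hex" layout, the 32-digit length and the function names
are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

#define HEX_LEN 32 /* assumption: 128-bit hash as 32 hex digits */

/* Value of a hex digit in either case, or -1 if not a hex digit. */
static int hex_val(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/* Hypothetical split()-style helper: copy "M$login#hex" to out with the
 * hex part lowercased.  Returns 0, or -1 if malformed or out is too small. */
int canon_ciphertext(const char *in, char *out, size_t outsz)
{
	const char *hash = strrchr(in, '#'); /* hex has no '#', login might */
	size_t prefix, i;

	if (strncmp(in, "M$", 2) != 0 || !hash || strlen(++hash) != HEX_LEN)
		return -1;
	prefix = (size_t)(hash - in);
	if (prefix + HEX_LEN + 1 > outsz)
		return -1;
	memcpy(out, in, prefix);
	for (i = 0; i < HEX_LEN; i++) {
		int v = hex_val(hash[i]);
		if (v < 0)
			return -1;
		out[prefix + i] = "0123456789abcdef"[v];
	}
	out[prefix + HEX_LEN] = '\0';
	return 0;
}

/* Nonzero if two dumped lines are the same hash once case is unified. */
int same_hash(const char *a, const char *b)
{
	char ca[128], cb[128];

	if (canon_ciphertext(a, ca, sizeof(ca)) || canon_ciphertext(b, cb, sizeof(cb)))
		return 0;
	return strcmp(ca, cb) == 0;
}
```
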
