Date: Tue, 13 Nov 2007 04:28:44 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Simon's "myjohn" and patch for DES-based Oracle hashes support (was: bitslice implementation of ORACLE hash cracking) Regarding getting this into the next revision of the jumbo patch: On Mon, Nov 12, 2007 at 09:49:00AM +0100, Simon Marechal wrote: > ... I do not believe the half-assed ciphers I added are worth the work. Well, the "hack quality" of these patches is one of the reasons why I don't just merge them into JtR, but for the jumbo patch things are different. The jumbo patch is supposed to be just that - a collection of useful, but non-optimal, possibly buggy, and sometimes less portable patches that do not get into the official JtR. Are there more hashes/ciphers in your "myjohn" that are not in the current jumbo patch? If so, can you please submit them for merging into the jumbo patch? > As you'll see it's very slow and would > tremendously be sped up by proper buffering / use of the bitsliced code. > I never did this because 99% of oracle passwords seem to be equal to the > login ... Actually, that's a valid reason why your code is of some use even in its present form! A question on your john-1.7.2.oracle-1.gz (that was attached to the message): why did you include a modified copy of the DES routines from libdes? Is it just to have this patch independent from libdes and from the jumbo patch, or are your modifications important? Whoever merges this into the jumbo patch will need to know the answer to this as the jumbo patch depends on OpenSSL anyway. > My "current" tree has all the up to date data needed for an up to date > creation of the jumbo patch, at http://btb.banquise.net/bin/myjohn.tgz. Do you suggest that an up-to-date jumbo patch may be created by merely diff'ing your "myjohn" against an official version of JtR? I doubt it. I've been fixing various bugs in the jumbo patch, sometimes silently - I doubt that you've merged those fixes into "myjohn". > There is also the "markov" mode which I found to be very effective on > french passwords, and "solves" some of the problems related to cracking > long passwords. Yeah, I've been meaning to comment on it and ask a question, but I never got around to that... Thanks, -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ