Follow us on Twitter or via RSS feeds with tweets or complete announcement texts or excerpts
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Aug 2008 05:17:10 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: duplicate guesses with 1.7.3.1-all-2 jumbo patch (was: another bug in john 1.7.3.1?)

I've changed the Subject to be more specific - mention just what the
problem is and what version it pertains to (the jumbo patch, not JtR
itself).  Please try to use short, yet very specific Subjects - not just
"another bug" or the like.

On Wed, Aug 27, 2008 at 12:18:27PM -0400, Adam Turk wrote:
> Loaded 6 password hashes with no different salts (LM DES [32/32 BS])

Are you sure you have used the right/optimal make target for your
system?  What system (hardware, OS, version) are you running JtR on, and
what make target did you use?  I doubt that your CPU is not capable of
at least MMX.

> BB               (b)
> A                (a)
> BB               (b)
...

OK, this does look wrong, and I managed to reproduce the bug.  As I
expected, it is in Simon's largepasswordset patch, which I merged into
the latest jumbo patch.  Please try the attached patch - does it help?

> This is in addition the earlier bug if you try to use john to generate a wordlist. 

No "earlier bug" there.  You have not found a JtR bug so far, but you
have found one in the latest jumbo patch.  Contributed patches, and
consequently the jumbo patch, are sort of expected to be buggy... but I
am fixing really nasty bugs like this one as they're being reported.

Thanks,

Alexander

diff -urp john-1.7.3.1-all-2/src/cracker.c john-1.7.3.1/src/cracker.c
--- john-1.7.3.1-all-2/src/cracker.c	2008-08-24 06:02:12 +0000
+++ john-1.7.3.1/src/cracker.c	2008-08-28 01:00:49 +0000
@@ -133,7 +133,6 @@ static int crk_process_guess(struct db_s
 	log_guess(crk_db->options->flags & DB_LOGIN ? pw->login : "?",
 		dupe ? NULL : pw->source, key);
 
-	pw->found = 1;
 	crk_db->password_count--;
 	crk_db->guess_count++;
 	status.guess_count++;
@@ -147,13 +146,6 @@ static int crk_process_guess(struct db_s
 	if (pw == salt->list) {
 		salt->list = pw->next;
 
-		search_pw = salt->list;
-
-		while(search_pw && (search_pw->found == 1))
-		{
-			salt->list = search_pw->next;
-			search_pw = salt->list;
-		}
 		//ldr_update_salt(crk_db, salt);
 		crk_remove_hash(pw, salt, crk_db);
 
@@ -172,14 +164,13 @@ static int crk_process_guess(struct db_s
 			if (crk_db->salts) crk_init_salt(); else return 1;
 		}
 	} else {
-/*
 		search_pw = salt->list;
 		while (search_pw->next != pw)
 			search_pw = search_pw->next;
-		search_pw->next = pw->next; */
-		crk_remove_hash(pw, salt, crk_db);
+		search_pw->next = pw->next;
 
 		//ldr_update_salt(crk_db, salt);
+		crk_remove_hash(pw, salt, crk_db);
 	}
 
 	return 0;
diff -urp john-1.7.3.1-all-2/src/loader.c john-1.7.3.1/src/loader.c
--- john-1.7.3.1-all-2/src/loader.c	2008-08-24 07:31:10 +0000
+++ john-1.7.3.1/src/loader.c	2008-08-28 01:02:04 +0000
@@ -455,7 +455,6 @@ static void ldr_load_pw_line(struct db_m
 		current_pw = current_salt->list = mem_alloc_tiny(
 			pw_size, MEM_ALIGN_WORD);
 		current_pw->next = last_pw;
-		current_pw->found = 0;
 
 		last_pw = db->password_hash[pw_hash];
 		db->password_hash[pw_hash] = current_pw;
diff -urp john-1.7.3.1-all-2/src/loader.h john-1.7.3.1/src/loader.h
--- john-1.7.3.1-all-2/src/loader.h	2008-08-24 06:02:12 +0000
+++ john-1.7.3.1/src/loader.h	2008-08-28 01:02:14 +0000
@@ -28,9 +28,6 @@ struct db_password {
 /* Some bytes of binary ciphertext for fast comparison */
 	void *binary;
 
-/* checks whether a pwd has been found */
-	unsigned int found;
-
 /* ASCII ciphertext for exact comparison and saving with cracked passwords */
 	char *source;
 
diff -urp john-1.7.3.1-all-2/src/params.h john-1.7.3.1/src/params.h
--- john-1.7.3.1-all-2/src/params.h	2008-08-24 08:01:57 +0000
+++ john-1.7.3.1/src/params.h	2008-08-28 01:03:22 +0000
@@ -15,7 +15,7 @@
 /*
  * John's version number.
  */
-#define JOHN_VERSION			"1.7.3.1-all-2"
+#define JOHN_VERSION			"1.7.3.1-all-2-lpsfix1"
 
 /*
  * Notes to packagers of John for *BSD "ports", Linux distributions, etc.:


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ