Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Sep 2008 06:56:56 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: jumbo patch for 1.7.3.1

Hi,

I've released revision 3 and revision 4 of the jumbo patch for 1.7.3.1
yesterday.  Revision 3 went under historical/ right away - the reason
why I released it at all was for "revision control" purposes, as well as
to have some better-tested / fallback code to recommend to those who
might report serious problems introduced with revision 4, if any.

Compared to revision 2, released back in August, revision 3 corrects two
problems reported via this mailing list:

The "duplicate guesses" bug introduced with john-1.7.3.1-all-2 and
reported by Adam Turk (the fix is exactly the same as
john-1.7.3.1-all-2-lpsfix1.diff, which I posted before).

The issue with non-guaranteed alignment for "static" variables under
Cygwin, reported/confirmed by Random Intentions and SmarTeam Support.

Revision 4 adds:

Support for HTTP Digest Access Authentication by Romain Raboin:

	http://www.openwall.com/lists/john-users/2008/08/27/2

Support for OpenLDAP SSHA password hashes, extracted out of myjohn.tgz
by bartavelle.

"Markov" cracking mode, also extracted out of myjohn.tgz by bartavelle,
which he nicely documented at:

	http://openwall.info/wiki/john/markov

All three of these additions include minor changes / bug fixes by me.
However, this time the patch was only tested on a few Linux systems, so
it is fairly likely that other issues with these three additions will
pop up when people start using it on non-Linux.

On Mon, Aug 25, 2008 at 10:10:08AM +0200, Simon Marechal wrote:
> The reason why i keep "my" tree public is that it's too tedious to 
> produce clean patches, due to all the specific tweaks only I use. 
> However, if you only want specific parts I could produce a proper patch.

Thank you!  As you have figured out from the above, I decided to pull
whatever I reasonably could out of your myjohn.tgz myself.

> Currently, here are the differences between my stuff and the jumbo patch 
> I know of:
> * probably less stable

Yes, I've fixed plenty of issues with your code that would result in
misbehavior in various cases (mostly on non-x86).

> * less ciphers supported, only tested with x86, x64 linux

Yet you had OPENLDAPS_fmt.c, which was not in the jumbo patch until now.
With that corrected, you still have these extras:

domino4_fmt.c, domino5_fmt.c, domino_md.*, and the corresponding code in
x86.S - I'm not sure how this compares to lotus5_fmt.c and DOMINOSEC_fmt.c,
which are in the jumbo patch.  Do these implement support for the exact
same two things or not?  How does said support differ - in terms of both
functionality and performance?

tightvnc_fmt.c - unused, and it looks unfinished - is that the case?  Is
this something to consider for inclusion (after it is made to work)?

> * markov-chains based password generator, and associated utilities

Right.  This is now imported into 1.7.3.1-all-4.  I dislike the way the
Makefile is hacked to build the extra utilities, though.

> * usage of the SSE functions when they are available

Can you possibly identify those cases where you have optimized assembly
code and the latest jumbo patch does not - and post a list in here, or
maybe submit a patch (to be applied on top of the jumbo patch) right away?

> * a shortcut for the netlm cipher (part of the original LM hash could be 
> bruteforced. It could be possible to crack it almost as fast as the 
> original LM hash)

Where is this hack found in your code, exactly?  Is there any info on it
that would enable people to use it?

> * an optimized "old lotus" implementation for x86

Yes.  I will probably want to have this in the jumbo patch if it really
is faster.

> * some tweaks which i find useful, such as printing the lines that have 
> not been found when doing -show

This specific one is not acceptable as-is because it is a significant
change of program behavior and there's no option to turn it on or off.
IIRC, someone included a cleaner implementation in a patch announced in
here, but I was not merging stuff into the jumbo patch myself at the
time, so it was not included...  I would probably be OK with merging a
patch that would enhance the --show option with some parameters, leaving
the default behavior intact.  The same goes about the long-standing
request for selecting a wordlist ruleset to use from the command-line.
While the official JtR might implement these things in a different and
incompatible fashion eventually, I am fine with having a "temporary"
implementation in the jumbo patches.

I can't comment on other "tweaks" in myjohn.tgz because I don't know
what they are (and I am too lazy to review and make sense of all the
changes now, especially given that some changes are unintentional).

> I believe that the most useful thing that I have and that is not part of 
> the jumbo patch is the markov generator, which is more effective than 
> -inc (for my usage, and especially for slow ciphers) and let you 
> manually but easily distribute work.

OK, this one has been merged. :-)

Thanks,

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ