Date: Thu, 5 Feb 2009 23:47:19 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Problems with DES valid()? Joshua, On Thu, Feb 05, 2009 at 08:25:03AM -0600, Joshua J. Drake wrote: > It seems that the DES valid() function is improperly marking some > hashes as invalid... I'm not 100% sure this is a valid hash, but it > is the right length and contains the right characters. I'm currently > looking at a file with a thousand or so of these hashes. One such hash > is PSdSQOAjO8IcV. > > Is this hash invalid or is there something wrong with valid()? If > it's invalid, why? This is a 13-character string that uses the correct character set, yet it can't possibly be produced by the traditional DES-based crypt(3), because it has one of the unused and "always-zero" bits set. Those are part of the last character of the hash encoding. The corresponding check is this line: if (atoi64[ARCH_INDEX(*(pos - 1))] & 3) return 0; in DES_fmt.c: valid(). This check is indeed correct, no bug there. If you like, you may try commenting this line out - then JtR will load your "hashes" - but this is unlikely to result in any of those invalid hash encodings getting cracked. Most likely, they're either not hashes at all or they are not traditional DES-based crypt(3) hashes (but rather some other unsupported hashes, which happen to use similar encoding). If you don't mind, please post some info on the system these strings came from - OS, version, etc. Does JtR load some percentage of the "hashes", and is it close to 25%? Also, if you find out anything further (e.g., if you get any of these cracked in whatever way), please let the list know. Thanks, Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ