Date: Tue, 14 Jun 2011 19:27:06 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: add support for cracking RAR archive passwords [GSoC first cut]

On 2011-06-14 18:21, Łukasz Odzioba wrote:
> It's clear to me right now. Really thanks for an exhaustive answer!
> I'll adapt this knowledge to my patches.

Just remember that after truncating, it's imperative that get_key() will return a plaintext truncated exactly like the one that was sent to hashing. So e.g. if using a saved_plain variable, that one must be truncated too. Otherwise we get bugs very hard to notice! Been there, done that, got the t-shirt...

Like Jim said, John will truncate for us at the length indicated by the format struct. But formats that can convert from UTF-8 are trickier: There *may* be three times as many octets of input as there are characters of output. Therefore, we can't rely on John truncating for us but must multiply PLAINTEXT_LENGTH by 3 and truncate ourselves at the target encoding's (usually UTF-16) max length.

magnum
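
The truncation rule from the message above, as an added example that is not part of the original post and is not John the Ripper's code. get_key(), saved_plain and PLAINTEXT_LENGTH follow the names used in the message; set_key(), saved_utf16, decode_one() and MAX_INPUT are hypothetical names, and the decoder is a simplified stand-in that handles BMP characters only.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PLAINTEXT_LENGTH 4               /* max UTF-16 units hashed (small for the demo) */
#define MAX_INPUT (3 * PLAINTEXT_LENGTH) /* up to 3 UTF-8 octets per UTF-16 unit */

static uint16_t saved_utf16[PLAINTEXT_LENGTH]; /* what is sent to hashing */
static int saved_units;
static char saved_plain[MAX_INPUT + 1];        /* what get_key() returns */

/* Demo decoder: BMP only (1-3 octets), no overlong checks. Returns octets used, 0 to stop. */
static int decode_one(const unsigned char *s, uint16_t *out)
{
    if (s[0] == 0) return 0;
    if (s[0] < 0x80) { *out = s[0]; return 1; }
    if ((s[0] & 0xE0) == 0xC0 && (s[1] & 0xC0) == 0x80) {
        *out = (uint16_t)(((s[0] & 0x1F) << 6) | (s[1] & 0x3F));
        return 2;
    }
    if ((s[0] & 0xF0) == 0xE0 && (s[1] & 0xC0) == 0x80 && (s[2] & 0xC0) == 0x80) {
        *out = (uint16_t)(((s[0] & 0x0F) << 12) | ((s[1] & 0x3F) << 6) | (s[2] & 0x3F));
        return 3;
    }
    return 0;
}

static void set_key(const char *key)
{
    size_t used = 0; /* input octets actually converted */
    uint16_t cu;
    int n;
    saved_units = 0;
    while (saved_units < PLAINTEXT_LENGTH &&
           (n = decode_one((const unsigned char *)key + used, &cu)) > 0) {
        saved_utf16[saved_units++] = cu;
        used += (size_t)n;
    }
    memcpy(saved_plain, key, used); /* cut at the same character boundary */
    saved_plain[used] = '\0';
}

static char *get_key(void) { return saved_plain; }

int main(void)
{   /* Constructed input: six U+20AC characters, 18 octets of UTF-8. */
    set_key("\xE2\x82\xAC\xE2\x82\xAC\xE2\x82\xAC\xE2\x82\xAC\xE2\x82\xAC\xE2\x82\xAC");
    printf("%d units hashed, %zu octets reported\n", saved_units, strlen(get_key()));
    return 0;
}
```
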