Date: Mon, 20 Jun 2011 20:12:13 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: Even more mscash & mscash2 fixes

On 2011-06-15 22:44, magnum wrote:
> Just posted john-1.7.7-jumbo-6-more-mscash-fixes.diff.gz to the wiki,
> with the following for mscash & mscash2:
>
> * 8-bit self-tests for normal mode as well as --utf8, also including
>   nullstring and max length of salt [see below]
> * Lowercasing of salts
> * Unicode length check of salt and reject in valid() if too long
> * (mscash2 only) Replaced a binary salt_len check in set_salt() that
>   lacked error handling and caused crashes (apart from being redundant)

Yet another incremental patch is posted now, that hopefully finally fixes all remaining 8-bit issues in mscash2. Finally, we have this format in the test suite (not yet released) so I could hammer it with all I had.

Now, *all* formats that I'm aware of using Unicode internally pass all nasty tests I throw at them. Many of the bugs that have been fixed have nothing to do with my --utf8 support, I just found them because of it. I also threw in the Blowfish fix recently posted by Solar, that also affected 8-bit characters. Salute the Test Suite. Most other non-Unicode formats already passed all the 8-bit tests.

> Still, there is a major problem in mscash2: As far as I can tell, the
> maximum supported salt length is supposed to be 19 characters. Unless
> my generator script is to blame, John fails to crack any hash with a
> salt longer than 8 characters. The self-test I included with saltlen
> 19 is currently commented out. Unless this is fixed, the max length
> check in valid() should really be decreased from 19 to 8.

I haven't disabled saltlen >8 but the above still stands, mscash2 can only handle salts (=usernames) up to eight characters - which disqualifies the Administrator account, just as a random example... Haven't heard from S3nf so I'm hoping Jim can nail it.

You lose me as soon as you reverse steps.

magnum