[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 Sep 2011 00:19:49 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: MSCHAPv2 Bug
On 2011-09-26 23:29, jmk wrote:
> My MSCHAPv2 format appears to ignore entries in which the username is a
> number (e.g., 1111). I'm not really sure why this is the case, but the
> attached patch seems to correct the issue.
Lol, from a comment in pass_gen.pl it seems I wrote that down to
Digest::SHA and worked around it (by not using numeric usernames). In
hindsight that was a bad assumption - or let's say I trusted you :)
I see the problem. I believe the enclosed patch is more correct (and it
adds a self-test with username of 1111 too). You were scanning the
username for hex digits instead of line ending - I'm sure it must have
failed for "b0b" (there actually is a bOb with capital O in the tests,
which confused me a while) or "abe" too, for example.
magnum
View attachment "0013-j7-fix-for-MSCHAPv2-bogus-username-length-check.patch" of type "text/x-patch" (1491 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
