Date: Tue, 27 Sep 2011 17:29:11 -0500 From: jmk <jmk@...fus.net> To: john-dev@...ts.openwall.com Subject: Re: MSCHAPv2 Bug On Tue, 2011-09-27 at 00:19 +0200, magnum wrote: > On 2011-09-26 23:29, jmk wrote: > > My MSCHAPv2 format appears to ignore entries in which the username is a > > number (e.g., 1111). I'm not really sure why this is the case, but the > > attached patch seems to correct the issue. > > Lol, from a comment in pass_gen.pl it seems I wrote that down to > Digest::SHA and worked around it (by not using numeric usernames). In > hindsight that was a bad assumption - or let's say I trusted you :) That'll teach you - never assume that I have a clue what I'm doing. ;) > I see the problem. I believe the enclosed patch is more correct (and it > adds a self-test with username of 1111 too). You were scanning the > username for hex digits instead of line ending - I'm sure it must have > failed for "b0b" (there actually is a bOb with capital O in the tests, > which confused me a while) or "abe" too, for example. This patch makes sense. Should I post this to the wiki for it to make its way into the jumbo patch? Thanks! Joe
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.