Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 26 Mar 2012 10:37:11 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: get_salt return question

>Understood. Will this internal saving work if the salt is complex nested
>data structure with some variables (in the nested structures) being
>dynamically allocated. I tried implementing "custom-salt" for mozilla
>format with no luck so far.

Look at the pkzip format.  That is a complex salt.  I have a structure that
I allocate data for (within get_salt).  At the end of the get_salt, when I
am returning, what I do is allocate space for a pointer, and copy the
address of my allocated data structure into that pointer, and return that
pointer.

Then within set_salt, I simply double dereference that pointer, into a local
'static' pointer of the proper structure type. That static pointer IS the
salt that is used by the crypt_all() function, and or anything else that
would need it.

So the only thing 'stored' by john for the salt, and the data that is passed
back and forth, is nothing more than a pointer.  It took a little work to
get the method to work, but now that it is being used, replicating that
method is very easy to do.

Within pkzip, I had a variable sized salt. Thus I had to come up with some
method, other than having 2mb salt size (or 200mb salt size).  I did this by
building the proper structure, allocating it properly to 'fit' the zip file
data, and then only passing back and forth pointers to these allocated
items.     I am sure that pdf/rar/ssh, etc, etc where we do not have
'simple' hash data (i.e. non-standard JtR types), they can easily be put
into custom structures, allocated at get_salt() call, and then simply have a
pointer passed out of get_salt() and passed into set_salt().

Jim.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.