Date: Fri, 8 Jun 2012 18:54:16 +0200 From: Frank Dittrich <frank_dittrich@...mail.com> To: john-dev@...ts.openwall.com Subject: Re: Was: RE: [john-users] JtR to process the LinkedIn hash dump On 06/08/2012 05:45 PM, jfoug wrote: > Note, this DOES require get_source to return a possibly different string > than the split(). This is 'against' the assertion rules. This was causing > self tests to fail, IF there were any of the 00000 hashes in self test > strings, so they simply have been removed. This is indeed difficult to solve. Even if the format interface would be extended by a function which provides the canonical representation of a hash (default either NULL or a pointer to a default function which doesn't change the hash), this wouldn't work for this special case. Usually, you would expect a format to be able to provide the canonical form of a hash even if the password is unknown. This "format" is somewhat different, because the canonical hash representation is only known after the password hash been cracked. If the canonical representation of the hash has to be calculated prior to knowing the password, the only option would be to use the 00000 version as the canonical representation. This would, however, require to use a format identifier which differs from the default sha-1 version. Another way to extend the test data for cases like this (not sure whether it is worth implementing or not): Each "record" of the test data can be extended by an optional 3rd component (default NULL). If the 3rd component is NULL, then the canonical representation of the hash must be identical to the first component. If not, then this is the canonical representation that needs to be returned to pass the test. But even if the test data sructure gets extended to support arbitrary differences between a valid hash and the canonical representation, it is questionable whether we should support cases where the canonical representation can only be calculated when the password is known. Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.