Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 14 Jul 2012 15:33:09 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: Still a bug in dynamic (27/28)  J7-RC

I thought I had this nailed down, but it appears not. I think I know the
fix, and will test, and if so, get it into the release candidate on git.

 

form=dynamic_27                   guesses: 1360 time: 0:00:00:19 : Expected
count(s) (1500)  [!!!FAILED!!!]

form=dynamic_28                   guesses: 1360 time: 0:00:00:19 : Expected
count(s) (1500)  [!!!FAILED!!!]

 

$ ../run/john -list=format-all-details -form=dynamic_27

Format label                            dynamic_27

Max. password length in bytes           72

Min. keys per crypt                     1

Max. keys per crypt                     2

Flags

Case sensitive                         yes

Supports 8-bit characters              yes

Converts 8859-1 to UTF-16/UCS-2        no

Honours --encoding=NAME                no

False positives possible               no

Uses a bitslice implementation         no

The split() method unifies case        no

A $dynamic$ format                     yes

Number of test cases for --test         5

Algorithm name                          32/32 X2 (MD5_body)

Format name                             dynamic_27: FreeBSD MD5

Benchmark comment

Benchmark length                        -1

Binary size                             16

Salt size                               8

 

 

The problem is the max password len Anything over 15 bytes fails.  For an
asm build, this does not show up on the TS, but JtR will NOT find anything
over 15 byte password, even in TS.  The reason it passes TS is because TS
does not have any hashes that require more than a 15 byte password.

 

The problem shows up in a generic build.  In that build, x86 asm md5 is not
used, and overwrites do not happen.  But in the generic builds (on this
system), something does have buffer overwrites, and a reduction in found
passwords is seen in the TS.

 

I think I know the problem, I will get this found and fixed shortly.   

 

Ok, the fix has been found, and now: 

 

$ ./jtrts.pl -b ../../john-1.7.9/jumbo-70/run dynamic_27

----------------------------------------------------------------------------
---

- JtR-TestSuite (jtrts). Version 1.12.9, July 13, 2012.  By, Jim Fougeron &
others

- Testing:  John the Ripper password cracker, ver: 1.7.9-jumbo-6+unstable
[generic]

----------------------------------------------------------------------------
----

 

form=dynamic_27                   guesses: 1500 time: 0:00:00:16  [PASSED]

.pot CHK:dynamic_27               guesses: 1500 time: 0:00:00:13  [PASSED]

 

$ ./jtrts.pl -b ../../john-1.7.9/jumbo-70/run dynamic_28

----------------------------------------------------------------------------
---

- JtR-TestSuite (jtrts). Version 1.12.9, July 13, 2012.  By, Jim Fougeron &
others

- Testing:  John the Ripper password cracker, ver: 1.7.9-jumbo-6+unstable
[generic]

----------------------------------------------------------------------------
----

 

form=dynamic_28                   guesses: 1500 time: 0:00:00:16  [PASSED]

.pot CHK:dynamic_28               guesses: 1500 time: 0:00:00:14  [PASSED]

 

 

I will get this checked in properly, but I want to get with Magnum before
doing so, to make 100% certain I have the proper procedure for doing this
correctly.

 

 

Jim. 


Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.