Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 3 Oct 2012 18:45:09 +0200
From: magnum <>
Subject: Re: o5logon format hacks

On 3 Oct, 2012, at 18:24 , magnum <> wrote:

> On 3 Oct, 2012, at 17:44 , Dhiru Kholia <> wrote:
>> I have replaced the cracked array approach with standard get_hash* functions.
>> But does this patch make any sense since binary value is always same?
>> I suspect that it will still run into "too many collisions detected" problem.
> I think it does not make sense, it should probably be reverted (although there was some other changes too in that commit, right?). What you should do is use fmt_default_binary *and* set BINARY_SIZE to 0 for all formats that does not use a binary. This will change the warning text a little, as well as reduce unneeded memory use.

Maybe I'm confused now but here's how I *think* we could do to all non-hash formats in order to get proper dupe detection and no warnings.

1. Use a short binary size (eg. 4) so we don't waste too much memory.

2. Write a simple mockup binary() that just returns a 4-byte hash of the full ciphertext. This could be standard crc32 or something else, but it should use all of the ciphertext. 

3. Use standard binary_hash() functions just like the ones you used now.

Actually, this binary() function will be 100% identical for all non-hash formats so I think the fmt_default_binary() should be modified to do this. BUT I'm not sure if any format actually use the present fmt_default_binary() as-is and depend on it's output (it currently outputs the ciphertext as-is). So we could instead name this new function (still in formats.c) fmt_default_binary_nonhash() or something like that.

BTW the binary_hash() functions too could be placed in formats.c as this would remove a lot of duplicated code.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.