Date: Sun, 30 Dec 2012 09:09:40 +0100 From: Frank Dittrich <frank_dittrich@...mail.com> To: john-dev@...ts.openwall.com Subject: Rejecting hashes in valid() due to memory allocation failures? Making sure to only accept valid hashes is certainly a good thing. But I wonder if changes like this one (just the most recent I found, I'm sure there are more) are OK: src/pbkdf2-hmac-sha512_fmt_plug.c + if (!(ctcopy = strdup(ciphertext))) + return 0; In such a case, the hash could be valid, but it gets treated as if it were invalid. How unlikely is it that a memory allocation failure occurs when trying to crack a huge number of passwords? (This could also be caused by strict ulimit settings.) IMHO, In such a case we shouldn't silently drop valid hashes as if they were invalid, but instead at least print some kind of error message. (May be even change the interface and allow a negative return value in valid(), to signal that there is a more general problem, so that we don't get thousands of error messages for memory allocation failures...) Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.