Message-ID: <b261a12c03172ef0e191d0296339dd0d@smtp.hushmail.com>
Date: Tue, 1 Jan 2013 23:28:35 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: dynamic format bug (was: A few questions regarding the newly added BLAKE2 format)

On 1 Jan, 2013, at 22:48 , magnum <john.magnum@...hmail.com> wrote:
> On 1 Jan, 2013, at 21:56 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
>> The dynamic formats also accept these hashes when using
>> --format=dynamic_0 (or dynamic_2, dynamic_3, dynamic_19, ...).
> 
> You are right. Here is a normal md5 hash written twice:
> 
> $ echo 8ad8757baa8564dc136c1e07507f4a988ad8757baa8564dc136c1e07507f4a98 >test
> $ ../run/john test -form:dynamic_0
> Loaded 1 password hash (dynamic_0: md5($p) (raw-md5) [128/128 SSE2 intrinsics 10x4x3])
> test3            (?)
> guesses: 1  time: 0:00:00:00 DONE (Tue Jan  1 22:10:20 2013)  c/s: 360000  trying: 3533 - sierra
> 
> Even worse, the overlong hash is stored in john.pot:
> $ cat ../run/john.pot 
> $dynamic_0$8ad8757baa8564dc136c1e07507f4a988ad8757baa8564dc136c1e07507f4a98:test3
> 
> And that has this effect:
> $ ../run/john test -form:dynamic_0 -show
> 0 password hashes cracked, 1 left

This partly fixes the problem:

diff --git a/src/dynamic_fmt.c b/src/dynamic_fmt.c
index cf88409..ee14fcb 100644
--- a/src/dynamic_fmt.c
+++ b/src/dynamic_fmt.c
@@ -701,7 +701,7 @@ static int valid(char *ciphertext, struct fmt_main *pFmt)
                if (atoi16[ARCH_INDEX(cp[i])] == 0x7f)
                        return 0;
        }
-       if ( (pPriv->pSetup->flags&MGF_SALTED) == 0)
+       if (!cp[cipherTextLen] && (pPriv->pSetup->flags&MGF_SALTED) == 0)
                return 1;
 
        if (cp[cipherTextLen] && cp[cipherTextLen] != '$')
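
Review bot: The added `!cp[cipherTextLen]` test only gates the early `return 1`, so for a format without MGF_SALTED an overlong ciphertext is not rejected at this line; it falls through to the checks that follow, which are written for salted hashes. The next visible condition lets a '$' at cp[cipherTextLen] pass, so an unsalted hash followed by '$' and further text is judged by code this hunk does not show. Consider deciding the unsalted case completely here, for example `if ((pPriv->pSetup->flags&MGF_SALTED) == 0) return !cp[cipherTextLen];`, with a comment stating that an unsalted ciphertext must end exactly at cipherTextLen. The thin-format self-test failures listed after the patch should be explained before either form is merged.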


After this and using DynamicAlwaysUseRawHashes=Y, only dynamic_19, dynamic_80 and dynamic_100 will accept a 128 character hash. But dynamic_19 is CiscoPIX so that is still wrong. Also, some thin formats fail with this:

Benchmarking: PHPS md5(md5($pass).$salt) [128/128 SSE2 intrinsics 10x4x3]... FAILED (valid) 
Benchmarking: MediaWiki md5($s.'-'.md5($p)) [128/128 SSE2 intrinsics 10x4x3]... FAILED (valid) 
Benchmarking: osCommerce md5($salt.$pass) [128/128 SSE2 intrinsics 10x4x3]... FAILED (valid) 
Benchmarking: phpass MD5 ($P$9) [128/128 SSE2 intrinsics 4x4x3]... FAILED (valid)

So there's more to it. Jim, are you reading this?

magnum
