Date: Thu, 24 Jan 2013 19:18:48 +0100 From: Frank Dittrich <frank_dittrich@...mail.com> To: john-dev@...ts.openwall.com Subject: Re: Formats ssh and ssh-ng On 01/24/2013 06:39 PM, magnum wrote: > On 24 Jan, 2013, at 17:08 , Dhiru Kholia <dhiru.kholia@...il.com> wrote: >> On Thu, Jan 24, 2013 at 8:50 PM, Frank Dittrich >> <frank_dittrich@...mail.com> wrote: >>> Can't ssh-ng report "SSH RSA / DSA" instead of "ssh-ng SSH RSA / DSA"? >>> This would allow to pick the fastest of several benchmarks for >>> performance comparison in relbench. >>> (Of course, the format name should only be changed if both formats >>> understand the same canonical hash representation and if ssh-ng doesn't >>> produce false positives.) >> >> ssh-ng *might* produce false positives (but it hasn't so far!) and >> making ssh-ng understand old-style hashes requires more work (i.e. >> patches welcome). >> >> Hence, for now, it is better to treat them as separate formats. > > They should be separate formats in Jumbo, but I agree with Frank they could still be "one" format in relbench. As long as ssh doesn't understand ssh-ng hashes and vice versa, there is a risk of duplicate effort (cracking hashes which have already been cracked using the other format). If someone implements a prepare() for ssh-ng so that this format understands the old ssh hash representation, we might want to move john_register_one(&fmt_ssh); up, so that it is registered before the plugin formats, *if* ssh-ng really is still experimental. That it can produce false positives is not that much of a problem, provided the probability of false positives is very small. (Did anybody compute that probability?) Because of FMT_NOT_EXACT, john will not remove that hash once the first match is found. And you can still use --format=ssh to verify the password. Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.