Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Jan 2013 20:06:42 +0100
From: magnum <>
Subject: Re: Formats ssh and ssh-ng

On 24 Jan, 2013, at 19:18 , Frank Dittrich <> wrote:
> That it can produce false positives is not that much of a problem,
> provided the probability of false positives is very small.
> (Did anybody compute that probability?)
> Because of FMT_NOT_EXACT, john will not remove that hash once the first
> match is found.
> And you can still use --format=ssh to verify the password.

I had a look at check_padding_3des() that verifies the result. It's hard to calculate a probability. The padding check might give false *negatives* unless there always is padding present even for blocks that happened to be aligned. But it looks to me it would be a pretty freaking unreal coincidence if it ever made a false positive. If you ask me (but you shouldn't), we could remove the FMT_NOT_EXACT flag.

Can't you batch creation of a million test files and try cracking them? That's what I did with RAR. It's a pity key file creation is so slow :-)

BTW I just committed an unrelated fix to that format.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.