Date: Thu, 24 Jan 2013 20:06:42 +0100 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: Formats ssh and ssh-ng On 24 Jan, 2013, at 19:18 , Frank Dittrich <frank_dittrich@...mail.com> wrote: > That it can produce false positives is not that much of a problem, > provided the probability of false positives is very small. > (Did anybody compute that probability?) > Because of FMT_NOT_EXACT, john will not remove that hash once the first > match is found. > And you can still use --format=ssh to verify the password. I had a look at check_padding_3des() that verifies the result. It's hard to calculate a probability. The padding check might give false *negatives* unless there always is padding present even for blocks that happened to be aligned. But it looks to me it would be a pretty freaking unreal coincidence if it ever made a false positive. If you ask me (but you shouldn't), we could remove the FMT_NOT_EXACT flag. Can't you batch creation of a million test files and try cracking them? That's what I did with RAR. It's a pity key file creation is so slow :-) BTW I just committed an unrelated fix to that format. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.