Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 10 Apr 2013 8:30:27 -0400
From:  <jfoug@....net>
To: john-dev@...ts.openwall.com
Cc: Jeremi Gosney <epixoip@...dshell.nl>
Subject: Re: [patch] sse/xop implementation of raw-sha256

Jeremi,

You might want to look at the cmp_all function.  I think things are not what they seem, and the code is always returning true, then using the current cmp_one logic.  The tmp value is always 0000 for non matches and fffff for matches.  Then what is returned is a short int where all 0 words are converted to a f and all ffff words converted to a 0.  So if all 4 hashes were cracked at once, then cmp_all would return 0.  Otherwise cmp_all is always returning some non-zero value.

However, digging deeper into JtR's actual running, I found out something I did not know before.  cmp_all is ONLY called for salted types.  I thought cmp_all was always called.  The cmp_all does get called, always, within the self test code, but the expectation there, is that cmp_all should return true, which this version does.

Magnum, I wonder if self-test code should mirror this logic (not calling cmp_all for non-salted), or if possibly all non-salted formats should have their cmp_all functions removed, and replaced with fmt_default_cmp_all  ?

Jim.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.