Date: Thu, 01 May 2014 02:11:33 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: [Suspected Junk Mail] hmacSHA256_fmt.c in john-1.7.9-jumbo-7 - allow long salts On 2014-04-30 11:08, Colm O'Flaherty wrote: > Hi. > > This is my first post. > > I'm attaching a patch to allow longer salt values in hmacSHA256_fmt.c, > since the current Jumbo implementation does not allow most JWT tokens to be > cracked, due to length constraints. Welcome! Your patch had numerous little problems but JimF made similar changes to the bleeding-jumbo tree so the functionality is committed now. Next time, please delete any irrelevant stuff so it doesn't get included in the patch. Do a "make clean" for a starter. And please review your patch before submitting it. Did you want us to add an "arch.h" and other stuff to the tree? Of course not. Also, please submit patches against current development tree (and most preferably in the form of pull requests on GitHub). 1.7.9-jumbo-7 is ancient - literally hundreds of thousands of source lines has been added or changed since. A patch against that will often not apply to the current trees without manual resolving. But yes, 1.7.9-jumbo-7 *is* the latest released tree so maybe you just followed some old recommendation. A question specific for your patch: You decreased max. password length from 125 (the global max.) to 110. Why? Such lengths are pretty academic but even so, I despise limits unless there are significant perfomance benefits. Maybe there was? Thanks, magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.