Date: Wed, 25 Mar 2015 12:25:42 +0300
From: Alexander Cherepanov <ch3root@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Ideas for the robustness gsoc task

On 2015-03-25 09:56, Kai Zhao wrote:

Please turn off sending html parts in your emails if you can.

>> And I think it's better to specifically list parts of code to review for
> better prioritization.

The quoting in your email is slightly wrong: there are hard line breaks but no ">" on the continuation lines. It's not urgent but please fix it after submission deadline.

> For manual review, I think valid() functions should be first even if we
> change the mechanism.

If we come up with a simple mechanism to express valid() and other similar functions then we can switch to it skipping review of the old implementation and I hope we will not need to review the use of the new mechanism or that reviewing it would be trivial.

We can process formats gradually, one by one. Starting with the worst, found e.g. by fuzzing.

And we surely must carefully review and test the new mechanism.

>> If we convert valid()/etc. functions to some simple-to-use mechanism, I
>> don't think it would be that hard to convert even hundreds of formats.
>
> For simple formats, I think we can use regex to check. But regex can
> not check complex formats

If we can cover 90% of all formats in a simple way that would be great. Remaining formats could be done by hand (as it is done now).

> such as agilekeychain_fmt_plug.c.

I haven't looked into it deep enough but right now this format looks a bit strange: there could be up to two keys in the hash but only the first one is used, the second one is ignored. Either it should be split in john or in keychain2john. If you stumble upon some strange formats please note them to post to the list in the future or post right away.

Anyway, the structure of hashes in agilekeychain_fmt_plug.c is not that complex. I hope to post a prototype of scanf-like functions for use in valid() and salt() soon.

--
Alexander Cherepanov