Date: Wed, 06 May 2015 10:16:43 +0200 From: Frank Dittrich <frank.dittrich@...lbox.org> To: john-dev@...ts.openwall.com Subject: John core: --format=crypt rejecting descrypt hashes when it first found some bfegg hashes Solar, when john --format=crypt loads bfegg hashes first (length 13), it doesn't recognize valid descrypt hashes anymore. First, collect some test hashes for a few formats, using a bleeding-jumbo binary: (bleeding-jumbo)run $ ./john --list=format-tests --format=aix-smd5 |cut -f 3 > hashes.aix-smd5 (bleeding-jumbo)run $ ./john --list=format-tests --format=descrypt |cut -f 3 > hashes.descrypt (bleeding-jumbo)run $ ./john --list=format-tests --format=bfegg |cut -f 3 > hashes.bfegg Now, switch to master: (bleeding-jumbo)run $ cd ../src/ (bleeding-jumbo)src $ git checkout master Switched to branch 'master' Your branch is up-to-date with 'origin/master'. (master)src $ make -s clean ; make -s -j 16 linux-x86-64-avx DES_std.c: In function ‘DES_std_set_key’: DES_std.c:635:17: warning: array subscript is above array bounds [-Warray-bounds] while (DES_key[i++]) k += 2; ^ (master)src $ cd ../run/ Test with valid non-descrypt hashes and invalid bfegg hashes: (master)run $ ./john hashes.aix-smd5 hashes.bfegg --wordlist=password.lst --format=crypt Warning: hash encoding string length 37, type id #0 appears to be unsupported on this system; will not load such hashes. Warning: hash encoding string length 13, type id #1 appears to be unsupported on this system; will not load such hashes. Loaded 3 password hashes with 3 different salts (crypt, generic crypt(3) [?/64]) Self test failed (valid) Test with invalid bfegg hashes and valid descrypt hashes: (master)run $ ./john hashes.bfegg hashes.descrypt --wordlist=password.lst --format=crypt Warning: hash encoding string length 13, type id #1 appears to be unsupported on this system; will not load such hashes. No password hashes loaded (see FAQ) If you switch the sequence, i.e., load descrypt first, then bfegg, all these hashes are considered valid, but later on you get a Warning: crypt() returned NULL In December, 2014, I found this problem in bleeding-jumbo, see https://github.com/magnumripper/JohnTheRipper/issues/967 Soon we realized it is a core problem. In January, I reported it to john-users: http://openwall.com/lists/john-users/2015/01/04/1 In February, commit https://github.com/magnumripper/JohnTheRipper/commit/8fb75ddcf9a66ce6553cff8852cc02ecd2daf59c was applied to bleeding-jumbo, basically never rejecting hashes of length 14 as invalid, but warning if someone uses --format=crypt trying to crack descrypt hashes. I think a fix in core would be better, so that magnum can get rid of a deviation from core. Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.