Date: Fri, 05 Jun 2015 19:51:18 +0200
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer

On 06/05/2015 02:16 PM, Solar Designer wrote:
> [solar@...er run]$ ./john fuzz-sample-LUKS-106-18
> WARNING, LUKS format hash representation will change in future releases,
> see doc/README.LUKS
> john: luks_fmt_plug.c:475: get_salt: Assertion `res == cs.afsize' failed.
> Aborted

This one is well known.
The reason is that luks2john stores the same information twice in the
hash, and the assertion is there to "prevent" loading such inconsistent
hashes.
This assertion also makes fuzzing somewhat harder, since you have to
make sure to avoid this assertion to find the other bugs.

But LUKS has other issues as well.
Instead of extracting the info from all used slots, it just extracts the
info from the one slot with the lowest iteration count (even if this slot
might refer to a key file instead of a passphrase).

See https://github.com/magnumripper/JohnTheRipper/issues/557
LUKS format and luks2john ("best slot")

Frank