Message-ID: <5571E196.5060400@mailbox.org>
Date: Fri, 05 Jun 2015 19:51:18 +0200
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer
On 06/05/2015 02:16 PM, Solar Designer wrote:
> [solar@...er run]$ ./john fuzz-sample-LUKS-106-18
> WARNING, LUKS format hash representation will change in future releases,
> see doc/README.LUKS
> john: luks_fmt_plug.c:475: get_salt: Assertion `res == cs.afsize' failed.
> Aborted

This one is well known. The reason is that luks2john stores the same
information twice in the hash, and the assertion is there to "prevent"
loading such inconsistent hashes.
This assertion also makes fuzzing somewhat harder, since you have to
make sure to avoid this assertion to find the other bugs.

But LUKS has other issues as well.
Instead of extracting the info from all used slots, it just extracts the
info from the one slot with the lowest iteration count (even if this slot
might refer to a key file instead of a passphrase).
See https://github.com/magnumripper/JohnTheRipper/issues/557
LUKS format and luks2john ("best slot")

Frank