Date: Tue, 4 Aug 2015 08:57:29 +0800 From: Kai Zhao <loverszhao@...il.com> To: john-dev@...ts.openwall.com Subject: Re: auditing our use of FMT_* flags (was: more robustness) Hi Alexander, The current --test-full branch is here: https://github.com/loverszhaokai/JohnTheRipper/tree/test_full_option This patch can detect FMT_CASE and FMT_8_BIT errors. $ ./john --test-full=0 [--format=...] Finally, there are some problems with the two flags. 1. FMT_8_BIT 1.1 formats have not set FMT_8_BIT but there is at least one password which does not ignore the 8th bit bsdicrypt, has-160, pomelo, pufferfish, Stribog-256, wpapsk 1.2 formats have set FMT_8_BIT but all passwords ignore 8th bit VNC, crypt 2. FMT_CASE 2.1 formats have not set FMT_CASE but there is at least one password which is case-sensitive LM, WoWSRP, mssql, nethalflm, netlm, oracle, sapb, saph 2.2 formats have set FMT_CASE but all passwords are case-insensitive OpenVMS I think some of the problems are really bugs while some are not because the current technical aspect of self-tests. I think it would be better if you or magnum or others can help me to make it clear. Thanks, Kai Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.